Andrew Rafla, Principal & Zero Trust Offering Leader, Deloitte & Touche LLP & Ravi Dhaval, AWS Cyber Risk Leader, Deloitte & Touche LLP virtually connect with Jeff Frick for AWS re:Invent 2020.
#theCUBE #reInvent #AWS
Deloitte takes a zero-trust approach to securing the increasingly ubiquitous enterprise environment
BY DENISE NELSON
Zero trust has risen to the forefront of discussions around security and gained significant attention at a time when dramatic shifts are taking place in modern enterprise environments. Business models are evolving, and organizations are increasingly pushing to the cloud and expanding their reliance on third and fourth parties to support critical business operations. In addition, most employees are working from home due to COVID-19, which makes connectivity especially critical while the IT landscape grows in complexity with a plethora of unmanaged devices.
These dynamics are changing the need for organizations to think about securing their enterprises in a more modern way, according to Andrew Rafla (pictured, left), principle and zero-trust offering lead at Deloitte & Touche LLP.
“There is no longer a clearly defined perimeter where everything on the outside is inherently considered untrusted and everything on the inside could be considered inherently trusted,” he added.
Rafla and Ravi Dhaval (pictured, right), national cloud cyber risk leader at Deloitte & Touche, spoke with Jeff Frick, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during AWS re:Invent. They discussed Deloitte’s approach to Zero Trust, use cases and partnership with AWS, as well as best practices for implementing zero trust within the enterprise. (* Disclosure below.)
Cloud native services help identify and auto-remediate misconfigurations
Today, the cloud has the ability to impact device and edge security using cloud data services, according to Dhaval. “That continues to grow and is one of the key reasons we’re seeing accelerated growth and adoption of IoT devices in particular,” he said.
Zero trust is a conceptual framework that helps organizations deal with the ubiquitous nature of modern enterprise environments, Rafla explained. “At its core, zero trust commits to a risk-based approach to enforcing the concept of least privilege across five key pillars, or a framework, of users, workloads, data, networks and devices,” he stated.