There are many myths and “mythconceptions” about cybersecurity that can be detrimental to your business or that of your customers. According to James Stanger (CompTIA’s chief technology ambassador), knowing what’s true and what isn’t is an important part of an MSP’s cyber resilience. This was discussed during a session at ChannelCon 2022 Chicago.
“When it comes cybersecurity and emerging technologies, there are a lot of myths in the IT world. Stanger stated that this is to be expected. “Technologies change so quickly. To keep moving forward and contextualize constant change, it is useful to use ‘enabling stories’. These narratives can sometimes get in the way. This is especially true if they are not examined and if there are conflicting approaches. These enabling narratives can quickly become clichés and the equivalent of educational “deep fakes.”
Stanger stated that there are many myths about zero trust. Stanger explained it using a movie metaphor about zombies: “What happens to your best friend if he becomes a zombie?” Zero trust is exactly that. He said that you cannot trust your network or applications. “What if there is a problem? If I’m authenticated, then I’m good to be. I might be authenticated for now, but what if someone else takes over one my applications?
Just like the movies, zombies or cyber risk can be fast like “World War Z” and slow like “Shaun of the Dead.”
Stanger identified six technologies that must work together to achieve zero trust essentials: data/log aggregate, security analytics and continuous diagnostic and mitigation. User entity and behavior analytics, security automation, orchestration, governance risk, and compliance are all examples of the technologies.
A checklist of zero trust features should also be included:
Architecture for the future
Demonstrate skills at least in six areas
Evaluation and contextualization
It’s time to stop assuming that cloud-based and premise-based applications are fundamentally different. Stanger said, to quote Led Zeppelin: “The song remains the same.”
He said, “No, it’s not a different platform, but behaves the exact same.” He said that too many workers believe they know the cloud, Azure and AWS.
Stanger stated that although there is some “lift-and-shift”, many of the same techniques can be applied to SaaS applications. It’s important to understand how applications talk.
Another myth is that security professionals have access clear, measured and recognized education pathways.
Stanger stated, “I don’t think people know the next step.” “IT professionals know their stuff, their technology but they are lost when it comes to education. They are often self-sufficient and trying to figure things out by themselves. This can lead to inefficiency. The term “best practices” is often used to describe vendor neutral education. That’s fine. But I am more interested in the practices’ side of things, which is practical, real experience. Experiential learning is the most transformative thing that we have as human beings. This applies to both learning tech and working with people.
Get all the latest news and events from ChannelCon right here!