The Future of Information and Communication Conference takes places next week; a virtual event for researchers from both academia and industry to share their latest research contributions and exchange knowledge with the common goal of shaping the future of Information and Communication.
One of the speakers at this event is our own Yuri Bobbert, CISO and professor at Antwerp Management School. He’ll be presenting his paper ‘On the Design and Engineering of a Zero Trust Security Artefact’, which discusses ON2IT’s Zero Trust Framework and the ongoing validation of this approach. Based on the policy and principles of the organization, the Zero Trust Security Framework investigates weaknesses and possible risks in the existing IT security to better protect the network and data.
However, after over fifteen years of implementing Zero Trust with many clients, one of the most important lessons we’ve learned is that you’re never done renewing yourself and your approach.
We asked Yuri Bobbert to briefly explain what the research paper is all about.
Yuri, can you briefly explain what the research paper is about?
“The research paper focuses on our CISO sessions and the results that came from them,” says Yuri. These CISO sessions, also known as validation sessions, took place over the course of the past year. During these CISO sessions, experiences are shared, common bottlenecks discussed and the existing Zero Trust framework is validated.
“In short, we wanted to test our framework against three important questions: is it understandable, is it complete, and can you do something with it?”
“Our goal was to give the framework more shape, to name and investigate specific elements, and then test them against people in the field over the course of at least a year.” All this in a structured way, so that the end result is well documented, and conclusions can be drawn from it. “In short, we wanted to test our framework against three important questions: is it understandable, is it complete, and can you do something with it?”
Yuri explains that the research helped identify four areas of improvement in the current approach, which we can now address based on, amongst other things, the feedback from the CISOs who participated in these sessions.
What will ON2IT customers notice of this research?
“The customers that attended the sessions indicate that the whole idea of Zero Trust has become much clearer to them. The sessions provide you with a clear roadmap, with practical steps on how to better implement Zero Trust,” Yuri explains.
“Most striking to me was the fact that many people do not fully understand the term ‘Zero Trust’ and, ironically, do not fully trust the term either.
But customers that did not participate in the sessions also benefit from this. “By testing our framework against experts in the field, we get a lot of valuable feedback, which we naturally use to improve our framework. Using this feedback, we made changes to our portal and started hosting webinars that delve deeper into topics that we got a lot of questions about.”
What were the most surprising things that emerged from the CISO sessions?
“Most striking to me was the fact that many people do not fully understand the term ‘Zero Trust’ and, ironically, do not fully trust the term either. They also indicate that it all sounds and feels very ‘big’, and that they don’t really know where to start,” says Yuri. “After the CISO sessions, we got told that a lot of it is now more tangible, because among other things we were able to visually display how the Zero Trust Readiness score works in our mSOC portal.”
“It sounds a bit grand to say that friendships were developed, but you do facilitate introductions between people, who even after the CISO sessions continue to stay in touch.”
A second, not necessarily surprising, but always nice side effect, was that many of the CISOs and other industry professionals indicated that they enjoyed getting together and working together with others from the field, without it being some sort of sales meeting. “It sounds a bit grand to say that friendships were developed, but you do facilitate introductions between people, who even after the CISO sessions continue to stay in touch.”
Find out more?
A teaser of the paper has been made available online:
Yuri will be presenting his findings and his research paper during FICC 2021, on April 29 and 10. You can also sign up for our next CISO session.
During our cybersecurity webinars, we also delve deeper into some of the topics highlighted in the research paper. You can find upcoming webinars on the webinar overview page.