
Standard versions of Cybersecurity: New analyses for better protection

It is a fact that data thefts keep being made public. Personal data is often concerned, frequently in larger amounts, as is sensitive information that interests the public. The approach to digital security must be fundamentally rethought – but what does this mean in practice?

Cyberattacks are an ever-present problem: computer systems are infiltrated, and data is shifted or sold on the black market. There is a common bon mot that there are no companies that have never been hacked – only those that have never noticed it. The central question: how can companies best protect their IT systems?

It used to be enough to install an antivirus program and configure a firewall. But these times are past. Such measures are as outdated as the idea that the Internet is merely a passing fad. The reality: security products alone are no longer sufficient to protect an IT environment. On the contrary, changes in the security software can themselves create new risks. The sobering realization: an all-round carefree package does not exist.

Protecting an IT landscape calls for developing measures and meaningful initiatives. One of the most common approaches is the Zero Trust model. This model assumes that the attacker is already in the system. Accordingly, access control is strengthened and the principle of least privilege is applied. One speaks of “never trust, always verify”. This applies not only to access by people, but also to machine-to-machine access. The concept of workload identities is used for authentication here. Every access can be potentially harmful and must be checked. These ideas require a fundamental rethink: security strategies must be realigned from the ground up, instead of relying on the protection of the surrounding perimeter.

That technical measures alone do not suffice is also shown by the institutions and regulations that react to pressing cyber incidents. The direction is clear: companies must integrate technology, processes and security awareness. DevSecOps and Shift-Left stand for a paradigm shift in the IT sector. Security is understood from the start as an integral part of development and is no longer treated as an afterthought.

Modern developer teams use methods such as drawing, code analysis, container scanning and secrets management to build a robust software supply chain. The goal is a broader infrastructure that stands up to modern attacks. There are no longer tools that ensure that all processes are optimized and that there are a number of security aids that can separate the individual parts.

Organizations that use IT mainly in the office also need a new paradigm. Here there is another aspect, heterogeneity: the classic vector of standard technology calls for more diversity in the system landscape. Open-source solutions could provide a homogeneous and sustainable representation of a number of vendors.

Insofar as the components of the design are taken into account, the entire product is covered. The key to the best IT solutions is the combination of the right technology, well-thought-out processes and new security thinking. Now there is a broader standard and a better IT security strategy.

Thomas Köchli COO & CISO Adfinis

Never trust, always test – Zero Trust architectures function according to this fundamental principle. The one who knows the subject best, who has practical experience and where the restoration in IT security is important, is Nicolas Christener, CEO of Adfinis. Interview: Marc Landis

The Zero Trust model has a striking sound. What does getting started with the topic look like?

Nicolas Christener: Organizations often rush towards vendor solutions and lull themselves into a false sense of security – because individual providers rarely cover the total spectrum. It is one of the most common problems that the Security Vision vendor has achieved. It is true that it is good that the «Zero Trust» has a peculiar value. A starting point is the NIST paper SP 800-207, which describes a vendor-neutral «Zero Trust Architecture».

What does a practical application of Zero Trust models look like here?

The Zero Trust Maturity Model of the US CISA guideline is one of the ideal references for Zero Trust. It is written that the maturity of the themes is shifted and based on the Principles of NIST. This model offers a neutral and opaque vision, which offers a ‘Big Picture’. The restorers of the CISA model are a clear solution and the identification of the best solutions and results abroad.

Was the “big picture” path one of the Zero Trust agreements?

With the establishment and recovery of Zero Trust Vision, it is more difficult to create a recovery plan, a step by step of the necessary functionality and requirements. If you are in the open world, Zero Trust is a long journey and the best functionality, nor new technology is developed anymore. Investments in open source solutions and the erosion of standards are decisive to ensure a future interoperability of embedded services and a complete end-to-end process. Proprietary, non-interoperable solutions are definitely a thing of the past.

What can organizations investing in DevSecOps and Shift-Left do even better?

However, in DevSecOps, the most important thing is a clear vision, and a realignment is the solution. DevSecOps is a central component of Zero Trust and innovative technologies, processes and a stretched mentality. A tight collaboration between engineering and development teams is decisive. Platforms such as GitLab that formed code management, pipelines, planning and security analyses in an integrated process, was the team of collaborative projects. In the security area, a variety of scanners are used to test code, artifacts and systems on the fly. Open standards such as CycloneDX, SPDX, SLSA and “in-toto”, developed by organizations such as OpenSSF, are visible and solved in your organization.

Where is IT security control important?

In the discussion about a secure Software Supply Chain, there is no technical aspect, but it is not that the vendor of the software is reduced and the free space at the system components is ensured. With Open Source solutions, it is impossible to simply use the recounter and components. Despite challenges with a financing or financing problem have a positive effect on the Open Source Landscape. With recommendations, Alternative solutions for market forces and attacking infrastructure on the market. Ideal is the use of Enterprise subscriptions, one of the financial possibilities to make a profit and the ecosystem that you want to use.

Nicolas Christener, CEO Adfinis
« Often organizations are active in the recovery process and lurk in false security – because a provider covers the entire spectrum. »