Nov 17, 2020
**Apologies on the Zoom issues**
This is the 2nd of 3 sponsored podcast interviews with Illumio about Their zero trust product.
Katey Wood is the Director of Product Marketing at Illumio.
https://www.linkedin.com/in/kateywood/
Topic: Conversation on segmentation and ransomware
Topic Background:
The attack surface and vulnerabilities are on the rise, along with cyber attacks
Why? Remote everything - cloud collaboration (including processing PII) is the new normal and that means the attack surface is heightened. This requires appropriate network, cloud, and endpoint security.
Double ransom with #data #exfiltration -- more attackers are exfiltrating customer data from businesses and (if ransom is withheld) extorting consumers directly through bitcoin - often in the headlines.
Privacy is a chief security concern now more than ever before, as remote everything continues and #cyberattacks and #ransomware attacks skyrocket.
For businesses, Covid and the new WFH normal means even more vulnerabilities and greater incentive to pay an even higher ransom to avoid privacy law penalties and class-action litigation.
Enter Segmentation.
Perimeter security is important, but unfortunately, we all know that alone it’s not enough (i.e. breach, after breach, after high-profile breach).
#ZeroTrust the assume breach mentality/default deny are philosophies that take security deeper to protect organizations from a threat moving laterally within their environment. This is helpful because it’s often not the initial point of breach that causes so much damage – it’s the breach spreading to more critical data and assets that’s so destructive.
#Network #segmentation is a crucial control to secure critical data and PII, by ring-fencing applications with patient or client data. Implementing Zero Trust security policies limits access to only allowed parties with a legitimate business purpose and stops the attacker from moving freely across the network to the most valuable data.
#Illumio helps #healthcare, academic, and other critical industries keep their crown jewels safe through better, more scalable micro-segmentation that decouples Zero Trust from the constraints of the network by implementing it on the workload.
Vertical ‘Brakedown’ - Healthcare and Education
Businesses in the healthcare and education industry often have large numbers of customers and employees, and handle large volumes of PII, are especially at risk.
Both have already been under scrutiny for privacy concerns around PII for years, through regulations like #HIPAA in healthcare and #FERPA in education (and now #CCPA).
Now that distance learning is the norm and medical records have gone largely electronic, it’s even easier for attackers to move between systems if there are no network segmentation access policies in place to prevent it.
Potential Questions:
Customer data cases:
‘Dead data’
With today’s workforce largely remote, tell me what that means from a security standpoint. What challenges are businesses facing to protect important data/PII?
What is that data “worth” and what are the consequences of falling victim to a ransomware attack or similar event from a bad actor?
Talk to me about the “assume breach mentality.” What does that mean and how can you/why should you use this philosophy in your approach to security?
How does segmentation relate to compliance? How do the two go hand in hand?
How does segmentation protect organizations against large scale breaches?
In terms of cost, is segmentation a sizable investment for SMBs? Is it a worthwhile investment, in terms of dollars saved from ransomware attacks?
#Segmentation is often thought of as a big (perhaps cumbersome) project – how do you suggest organizations make it more scalable?
How does segmentation protect end users?