Some experts make a valid case that Zero Trust and Defense-in-depth are often best used in conjunc- tion with one another. This is especially true in hybrid environments where the cloud is used in con- junction with on-site IT infrastructure. In either case, both have their pros and cons, according to Brian Stoner VP Channels & Alliances at ALTR, a Trusted Advisor that specializes in data security as a service. “With defense-in-depth, the additional layers [of complementary security products] give you greater opportunity to trip up the attacker,” he said. “The problem is that you’ve now got all these logs from various products and devices, and all that data can overload your SIEM [security information and event management] platform. On the other hand, Zero Trust makes a lot of assumptions that can be difficult to implement. The other challenge is how to handle third parties and BYOD without assuming undue risk? It gets more difficult as devices proliferate. “The solution is a mix of both,” Stoner concluded. “We have to defend the perimeter, the application, and the data.” Regardless, each customer should develop a comprehensive disaster recovery plan that can restore access to company data in the event of breach, or even in the event that the cloud service provid- er fails its business and closes its doors with your company’s data behind those doors. These days, Disaster Recovery-as-a-Service has emerged as a viable option that offloads much of the complexity that would be otherwise faced by the end customer. Decision-makers should ask the service provider about “recovery points” that define how frequently data is backed up, and “recovery times” that de- fine how quickly service will be restored, either through the provider’s primary network or supplemen- tary infrastructure. Note that some providers offer more options for recovery points than others. For more information, contact your Trusted Advisor. Copyright © 2020 AVANT Communications, Inc. 2613288 Copyright © 2020 ACopyright © 2020 ACopyright © 2020 AVVVANT CommunicANT CommunicANT Communicaaations, Inc.tions, Inc.tions, Inc.
Managed Security Trends and Insights Page 28 Page 30