How 'Zero Trust' Better Secures Applications and Access
Organizations Must 'Assume Compromise,' Says SailPoint's Darran Rolls
Organizations are accepting that the network perimeter no longer serves as the "ultimate defense" and thus adapting zero-trust principles, including least privilege, based on the understanding that they may already have been compromised, says Darran Rolls of SailPoint.
"What we are basically doing is retreating back to the control point around the application," Rolls says. "Application security and application access is the business of identity management and identity governance."
Understanding who has access to resources, whether that access is appropriate, and how that access is being used remains key for maintaining a viable zero-trust model, he says. Done incorrectly, this could have usability and flexibility repercussions. But Rolls says it's possible and of course desirable to design ways to safely and automatically provision access to new resources.
In this interview, Rolls discusses:
- How identity plays a critical role in securing applications;
- Why the concept of least privilege is so essential;
- Balancing usability with a zero-trust approach to application access.
Rolls is CTO of SailPoint. He previously was the founder and CTO of Cloud 10, a Texas-based security and identity management consulting firm. Before that, he worked in the office of the CTO of Sun Microsystems.