Why Zero Trust is a must for strong corporate governance

May 13, 2024
Pursuing an enterprise-wide Zero Trust strategy is critical for strong corporate governance.

Long gone are the days of delegating technology and cybersecurity concerns to be addressed solely by the IT department.

With artificial intelligence (AI), post-quantum (PQ) cryptography, and an ever-intensifying threat landscape, senior leadership teams and boards have a duty of care to make the right investments and provide the strategic guidance and oversight to help keep the organization, employees, customers, and other key stakeholders safe.

If that is not enough incentive, federal agencies are continuing efforts to hasten breach disclosures and hold executives liable for security and data privacy incidents. Pursuing an enterprise-wide Zero Trust strategy is critical for strong corporate governance and increasingly a board level priority.

The Current Framework

NIST’s recently released Cybersecurity Framework (CSF) 2.0 reinforces this strategic link between Zero Trust and governance. The renewed CSF provides guidance and examples for adopting Zero Trust and adds “Govern” to the framework’s five existing core functions: Identify, Protect, Detect, Respond, and Recover.

While governance was implied in previous CSF iterations, it is now codified to ensure an organization’s strategy is directly linked to cybersecurity roles and responsibilities, informing the business on what it needs to do to address the other five functions. NIST’s focus on governance reinforces that the entire leadership team is in this together and emphasizes the fiduciary responsibilities of the board.

All this focus on governance is key to minimizing business risk and protecting shareholder value, but also puts tremendous pressure on leadership teams to effectively communicate cyber risk to the Board and meet regulatory requirements. This is where Zero Trust comes in.

Setting Organizations Up for Success

Zero Trust is not a product to buy or a box to check. It is a strategic approach to improve cyber resilience that can also serve to increase organization agility, reduce the cost of compliance, decrease IT complexity and total cost of ownership, and of course, strengthen corporate governance.

CISA’s recently released Zero Trust Maturity Model 2.0 provides a roadmap for pursuing a Zero Trust strategy, with updated guidelines around the five key pillars of Identity, Devices, Networks, Data, and Applications and Workloads. As in CSF 2.0, governance is front and center in this latest version. CISA’s updated guidelines reinforce that governance of cybersecurity policies, procedures, and processes within and across the five pillars is essential to improving cyber resilience and maintaining regulatory compliance.

While long considered a cybersecurity best practice, pursuing a Zero Trust strategy is now also an express requirement from both NIST and CISA for strong corporate governance – and organizations should consider it a business imperative.


Jenn Markey is a senior marketing executive with significant startup and small company experience gained in the software (including SaaS), security, video production, telecom, and semiconductor industries. Jenn helps companies build their market profile, customer footprint, and strategic business value. She is a founding champion of SheBoot, an Ottawa-based bootcamp for women-led businesses. Jenn has also been an advisor with the University of Ottawa's ScaleUp Garage program.

Over the duration of Jenn’s career, she has held senior marketing, product management, and business development positions with some of Ottawa’s most dynamic technology companies including Ross Video, 360pi, Protus IP Solutions, Semiconductor Insights, and CrossKeys. Currently, Jenn leads product marketing for Entrust's Payments and Identity business units. She is also an Advisor at Entrust Cybersecurity Institute.