with Morey J. Haber, Chief Security Officer, BeyondTrust
The dramatic increase in sophisticated, high-profile cyberattacks is evidence of an evolving threatscape that is sprawling beyond its former perimeters and giving rise to new, malicious threat tactics. As a result, the push to revamp cybersecurity processes and refocus security beyond the perimeter has become imperative. In its Special Publication 800-207, Zero Trust Architecture, NIST points to identity as the critical first step to regaining control over the perimeter, and to Zero Trust as the best security architecture for meeting the requirements of hybrid, cloud, and often multi-cloud network infrastructures.
NIST characterizes Zero Trust as an evolving collection of cybersecurity paradigms and concepts that allow security defenses to shift from functioning as static, network-based perimeters to functioning as perimeterless defenses that work to continuously authenticate and verify users, devices, and applications. Zero Trust is guided by the two core mantras of “Assume breach” and “Never trust, always verify”, and built on a foundation of cybersecurity paradigms that include enforcing continuous authentication, eliminating persistent trust, implementing least privilege, enforcing segmentation and micro-segmentation, and ensuring visibility. It can help organizations reduce the attack surface, prevent unauthorized access to data and services, and control the impact threshold of any threat that does present itself to the network.
Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud-based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition, where he had served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.