TZL 1418

3

O P I N I O N

Mitigating cyber exposures

By adopting a zero-trust approach, AEC firms can strengthen their data security and their protection against occupational fraud and external cyber-related threats.

A mong its numerous implications for AEC firms, the COVID-19 pandemic greatly accelerated the evolution of the workplace environment. What became obvious almost immediately was that traditional cybersecurity protocols couldn’t keep pace with the complexities posed by hybrid work, growing numbers of remote employees, and the dramatic expansion of cloud-based technology.

Jared Maxwell

The speed with which these developments occurred quickly made traditional perimeter security ineffective and outdated. Today, many AEC firms need a new security model to safeguard their information and networks. Many are now turning to new “zero trust” models. Zero-trust approaches embrace mobility and protect people, networks, applications, and devices, regardless of their location. What is it? How does it work? And why might it be a valuable approach for AEC firms that have changed their operational models to adapt to the new realities of the work environment? Here are some answers. Traditional network security essentially “trusts”

the identity and intentions of users within a firm’s structure. Unfortunately, this approach leaves it vulnerable to malicious internal actors and rogue credentials by allowing unauthorized and uncompromised access to the organization. The term “trust, but verify” typically describes traditional network security approaches. On the other hand, the zero-trust approach removes the concept of trust from within an organization’s structure. With zero-trust, a data breach is assumed with every access request. Thus, every access request must be authenticated and authorized as though it originated from an open network. In contrast to traditional security

See JARED MAXWELL, page 4

THE ZWEIG LETTER NOVEMBER 29, 2021, ISSUE 1418

Made with FlippingBook Annual report