Log in
E-mail
Password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Settings
Settings
Dynamic quotes 
OFFON

TUFIN SOFTWARE TECHNOLOGIES LTD.

(TUFN)
  Report
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisions 
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector news

Steering Towards a Zero Trust Model: A 5-Step Approach

05/07/2021 | 10:20am EDT

Zero Trust (ZT) is a popular term seen everywhere lately, but it's not a new concept. The Zero Trust Network, or Zero Trust Architecture model was created in 2010 by John Kindervag,who was a Forrester analyst. Eleven years later, CISOs and CIOs are increasingly adopting and implementing the Zero Trust security model into their organizations.

The Zero Trust model suggests we shift security from a perimeter-based model to a model that's based on continuous verification of trust. Actually, this model assumes that a network has already been breached. A key recommendation is to create micro-perimeters or micro-segments to control access to sensitive assets, and limit the potential damage from attackers.

Over the years, Forrester extended the original model beyond its segmentation focus to include other elements to ensure only the right people or resources have the right access to the right data and services, such as:

  • Data - Categorize and classify data based on sensitivity; they also mention data encryption
  • Workloads and Devices - Apply Zero Trust controls, such as encryption & data security >
  • People/Identities - Limit and strictly enforce access controls
  • Network - Identify sensitive, valuable assets, and define micro-segmentation around them
  • Visibility & Analytics - Log, correlate, and analyze every activity across environments
  • Automation & Orchestration - Implement using automation, and integrate with other tools to improve detection and response

As a CISO, I've often been asked how I translate ZT principles into practice. So, here's my take on the Forrester ZT 5-step implementation method.

ZT Implementation: 5-Step Method

The first step is about identifying and prioritizing the most valuable assets, which also require the highest level of protection (aka, the protect surface vs. the attack surface). This is where I involve other business stakeholders to help me identify what and where these assets are. Keep in mind, this process is complete only after management team approval.

Here's how I think and how I'd also present ZT to the board:

  1. Identify your Sensitive Assets

The first step is about identifying and prioritizing the most valuable assets, which also require the highest level of protection (aka, the protect surface vs. the attack surface). This is where I involve other business stakeholders to help me identify what and where these assets are. Keep in mind, this process is complete only after management team approval.

Here's how I think and how I'd also present ZT to the board:

  1. What are the sensitive assets? List the mission-critical, valuable assets that could cause the most damage if compromised. Valuable assets can be data, such as credit card data, PII, PHI, financial data, and more. But, it's not limited to data only -- it can be your legacy systems where the primary business transactions take place. By the way, the definition of sensitive, critical, or valuable assets is completely subjective. If you ask your CRO, the answer would likely be customer data, but if you ask the CFO, it may be financial data. At the end of the day, it's ultimately about what can kill you vs. what can harm you.
  2. Which lines of business or processes is the data used for? Consider the processes use these sensitive assets such as customer relationships, employee experience, revenue generation, regulatory compliance, and others. For example, it is important to understand if a compromised code repository could result in a regulatory violation and litigation.
  3. Who currently has access? Which users currently have access? Are they privileged users or not? Consider the potential number of affected users in case of a breach.
  4. Where does the data resides (SaaS or on-premise)?
  5. What are the current security controls? Which controls are in place, so we can identify the gaps, and take action?

Figure 1: Stored sensitive data within systems and their related security controls for security posture overview

Department

System

Line of Business/process

Stored sensitive data

Users

SaaS/on-premise

Security controls

HR

HR SW

  • Hire to Retire
  • Employee experience…
  • Employee PII
  • Employee financial data…
  • HR
  • All employees

SaaS

  • Authorization solution
  • 2FA…

Sales

CRM

  • Revenue generation
  • Customer relationships…
  • Customer data
  • Financial data …
  • Sales
  • Marketing
  • Management

SaaS

  • 2FA
  • Encryption

Disclaimer

Tufin Software Technologies Ltd. published this content on 07 May 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 07 May 2021 14:17:05 UTC.


ę Publicnow 2021
All news about TUFIN SOFTWARE TECHNOLOGIES LTD.
06/16TUFIN SOFTWARE TECHNOLOGIESá : 5 HaShalom Road, ToHa Tower (Form 6-K)
PU
06/15TUFINá : Expands Market Leadership in Security Policy Automation with Latest Rel..
BU
06/09TUFIN SOFTWARE TECHNOLOGIESá : NOTICE OF ANNUAL GENERAL MEETING OF SHAREHOLDERS ..
PU
06/03TUFIN SOFTWARE TECHNOLOGIESá : Tufinnovate Americas 2021
PU
06/01TUFINá : to Host Fifth Annual Tufiná:novate User Conference
BU
05/27TUFIN SOFTWARE TECHNOLOGIESá : Cowen Initiates Tufin Software Technologies at Ma..
MT
05/26TUFIN SOFTWARE TECHNOLOGIESá : WannaCry Ransomware is trending again. Here's wha..
PU
05/25TUFIN SOFTWARE TECHNOLOGIESá : Stifel Resumes Tufin Software Technologies at Hol..
MT
05/14TUFIN SOFTWARE TECHNOLOGIESá : Announces First Quarter 2021 Results (Form 6-K)
PU
05/14TUFIN SOFTWARE TECHNOLOGIESá : DA Davidson Adjusts Price Target on Tufin Softwar..
MT
More news
Financials (USD)
Sales 2021 108 M - -
Net income 2021 -45,2 M - -
Net Debt 2021 - - -
P/E ratio 2021 -8,24x
Yield 2021 -
Capitalization 349 M 349 M -
Capi. / Sales 2021 3,24x
Capi. / Sales 2022 2,88x
Nbr of Employees 533
Free-Float 77,8%
Chart TUFIN SOFTWARE TECHNOLOGIES LTD.
Duration : Period :
Tufin Software Technologies Ltd. Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends TUFIN SOFTWARE TECHNOLOGIES LTD.
Short TermMid-TermLong Term
TrendsNeutralBearishNeutral
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus HOLD
Number of Analysts 10
Last Close Price 9,48 $
Average target price 11,25 $
Spread / Average Target 18,7%
EPS Revisions
Managers and Directors
Reuven Kitov Chairman & Chief Executive Officer
Jack Wakileh Chief Financial Officer
Reuven Harrison Director & Chief Technology Officer
Yoram Gronich Vice President-Research & Development
Michal Lewy-Harush Global Chief Investment Officer
Sector and Competitors
1st jan.Capitalization (M$)
TUFIN SOFTWARE TECHNOLOGIES LTD.-24.04%348
ADOBE INC.15.62%277 175
TWILIO INC.14.20%66 002
AUTODESK, INC.-7.10%63 135
WORKDAY INC.0.88%59 732
ROPER TECHNOLOGIES, INC.7.08%48 141