Zero-trust, Project Aurora and the Verizon Data Breach Investigation Report

The annual Verizon DBIR (Data Breach Investigation Report) provides an excellent overview of breaches and incidents and is a great tool full of actionable information. The key findings (85% of breaches involved a human element; 61% of breaches involved credentials) suggest that organizations need to ensure the identity and integrity of their systems, applications and data are maintained at all times.

The traditional model of enforcing security at the network perimeter is no longer effective! The nature of the corporate network is changing with mobile and cloud computing. A Zero-Trust model offers an alternative that secures data while ensuring it is accessible to employees, regardless of where they are working. But deciding how best to adopt Zero-Trust can be challenging. Understanding the barriers to implementation and the tools that can help is essential to enable organizations to discover their best route to securing their environments and minimizing risk. It should be noted that zero-trust is not a product, but a methodology, which follows the basic idea never to trust and always verify the identity and integrity of devices, systems, applications, data, and users trying to access these assets.

In light of the zero-trust security approach, HPE launched Project Aurora at HPE Discover last month. Project Aurora enables a zero-trust policy by providing common security building blocks ‘from silicon to the cloud’. This cloud-native platform will be available through HPE’s GreenLake Lighthouse offering protecting infrastructure, workloads and data continuously by measuring, attesting and verifying the identity and integrity of each component.

Complementary to a zero-trust policy is the data-centric protection of data in the enterprise through encryption and tokenization. Security that travels with the data, which is tokenized as early as possible in the process, and which is only de-tokenized when absolutely necessary.

Let’s get back to the Verizon DBIR report, which provides many valuable data points for organizations that want to fine-tune their security posture. At well over 100 pages of detailed information, it can seem a bit overwhelming. There are plenty of options for virtually every situation, but what about your situation? Is this relevant for HPE NonStop users?