In a recent interview, Jean-Baptiste Bres, the Australian CISO of HSBC, discussed the challenges of implementing a zero-trust model and the importance of observability and supply chain security.
Bres highlighted that while zero-trust is great in theory, it is difficult to implement in large organisations with complex environments that have been in place for years. Bres also emphasised that observability is critical and that supply chain security is a key threat today.
The challenge is that it takes a lot of time and effort to cover this area, particularly in organisations with hundreds and thousands of software solutions from different suppliers. Bres hopes that solutions will come soon to help organisations analyse all these sources and identify weak points.
Bres also discussed the role of role definitions and access rights in implementing zero-trust. While having well-defined business profiles is not new, zero-trust is not just about access rights; it is also about how systems communicate with each other.
Bres suggests that the best approach is to apply zero-trust to everything new, while the challenge is to migrate the systems that have been running for ten to fifteen years. Bres also highlighted that organisations will continue to live in a hybrid mode for quite some time.
Jean-Baptiste Bres provides valuable insights into the challenges of implementing zero-trust and the importance of observability and supply chain security.
The interview underscores the need for organisations to take a risk-based approach and to invest time and effort in migrating to zero-trust while continuing to focus on security best practices.
Jean-Baptise Bres will join Security Edge to debate best practices for Crisis Preparation and a Resilient Risk Culture with 120 top Chief Security Officers.