By Roman Arutyunov, Xage Co-Founder & VP of Product
Zero trust has rapidly shifted to become a main topic across OT and IT security discussions. At this year’s S4x22 conference in Miami, Florida, experts in ICS security worldwide came together to discuss how critical operations can better safeguard against rising threats—with speakers heralding zero trust as one of the top strategies. I was proud to attend and represent Xage in this year’s event.
In contrast to outdated, perimeter-based security models, zero trust is a proactive, identity-based approach that treats the identity of each machine, application, user, and data stream within an operation as its own independent “perimeter,” allowing for granular access policy enforcement—and preventing breaches before they happen. Built on the principle “never trust, always verify,” zero trust can be delivered as an overlay on top of the existing, network segmentation-based Purdue Model.
The annual S4 conference always features speakers from companies setting the standard for today’s security best practices, and this year was no different. Dave Lewis, Cisco’s Global Advisory CISO, emphasized the role of zero trust in reducing risk in an operation, its asset inventories, and the people accessing those assets. Similarly, Tony Baker, Chief Product Safety & Security officer at Rockwell Automation, joined John Kindervag, SVP of ON2IT (John actually coined the phrase “zero trust” while at Forrester more than a decade ago) to discuss the evolution and future of zero trust in OT specifically. I was honored to present a session on distributed enforcement, emphasizing how today’s operations and attacks both tend to be distributed, thus requiring a distributed approach to zero trust.
S4 is the largest gathering of ICS security talent in the world; the fact that zero trust was a major theme across speaker sessions is significant. Following a rapid uptick in federal involvement in ICS security—including two 2021 DHS pipeline security directives, the 2021 White House Executive Order, and the 2022 White House federal strategy—zero trust has proven to be not only best practice, but necessary to protect today’s most important and vulnerable operations. In fact, the recently published NIST ICS Cyber Security 800-82 v3 includes concrete references to and recommendations for zero trust.
This year’s conference was a natural fit for Xage, as our technology, the Xage Fabric, is specifically designed to bring a zero trust security model to complex, distributed environments. The Fabric overlays every machine, app, and data point within an operation to impose granular control over all digital interactions, and is particularly popular in deployments for energy, defense, manufacturing, and logistics sectors.
For more information on the Xage Fabric and its role in protecting operational, IT, and cloud environments, visit https://xage.com/services/.