sidearea-img-1

Newsletter

    Overview:
    David Luchi is the Head of Information Security at OneDigital, a division of Wesfarmers. In this presentation, he focuses on the implementation of zero trust security principles at One Digital.
    Zero trust is a long-term investment that requires careful planning and execution. While challenging, its successful implementation can provide robust security benefits and a more adaptive and resilient IT environment.

    Here are some of the key points from his talk:

    1. Zero Trust Overview: Zero Trust operates on the principle of “never trust, always verify,” requiring continuous authentication and authorization for every system and access attempt.
    2. Challenges in Implementation: Implementing Zero Trust is complex, It’s not only about deploying new tools but also about changing processes and practices.
    3. One Digital’s Unique Position: As a new division with no legacy systems, One Digital is in a unique position to implement zero trust effectively.
    4. Components and Benefits of Zero Trust:
      • Identity-Centric Approach: Strong identity mechanisms and automation are crucial.
      • Data as a Core Element: Data is a valuable asset and a key target for protection.
      • Continuous Authentication: Frequent MFA challenges are necessary
      • Modular Security Architecture: Zero trust limits the impact of breaches through compartmentalization and micro-segmentation.
    5. Real-World Application: David explains for example why they don’t rely on password rotation, focusing instead on more secure methods like biometrics and MFA.
    6. Pros and Cons:
      • Enhanced Security: Zero trust significantly improves security resilience against threats and supply chain attacks.
      • User Experience and Costs: Initially, zero trust can be expensive and cumbersome.