How To Implement A Zero Trust Approach To Cybersecurity

‘It should be woven into every process and product you build, support or utilize for internal needs,’ says Prashanti Aduma, CIO at Dialpad.

Prashanti Aduma argues a Zero Trust framework is critical to cybersecurity today—and she spoke with StrategicCIO360 about how information chiefs can implement that approach.

But security is also about employee well-being, says the CIO at Dialpad, a San Francisco-based provider of AI-powered workplace communications and collaboration solutions. She emphasizes that CIOs have an important role to play in making sure company talent feels heard and supported.

Is implementing a Zero Trust framework any more or less difficult with a hybrid/distributed workforce versus fully in-person?

The beauty of Zero Trust is that it can be implemented regardless of where teams are located, and the practice has evolved to support cloud architecture. 

Under Zero Trust frameworks, individual users are granted the minimum requisite level of access to company files and information. Configuring the access permissions is something that IT will facilitate on their end, and there’s no need for the team to have physical access to users’ laptops.

Zero Trust frameworks aren’t any harder to implement under hybrid work models, and they can actually help mitigate some of the potential security risks associated with hybrid work. Whereas hybrid work might ordinarily pose some security risk—since employers can’t physically observe their staff using their equipment—under Zero Trust the physical distance becomes irrelevant.

If IT teams are careful and methodical about granting appropriate access permissions to each user, it doesn’t matter where employees are physically located. Zero Trust frameworks allow organizations to implement robust, comprehensive protections to their valuable data, regardless of where their users get their work done.

Is there an ideal roadmap for CIOs implementing a Zero Trust framework? What timeline do you recommend?

There’s no time like the present for an initial setup of Zero Trust, as the framework is suitable for each and every organization. If business leaders and CIOs haven’t yet taken the first step towards securing their organization, they should do so immediately.

A full Zero Trust rollout will depend on the scale and scope of the organization in question. Because Zero Trust frameworks are theoretically tailored for each unique user, it can take quite a bit of time to establish baseline permissions structures. Smaller organizations likely have smaller IT teams to facilitate the rollout—but then again, they’ll also have fewer employees (i.e. access points) to manage.

A Zero Trust framework cannot be an afterthought. It should be woven into every process and product you build, support or utilize for internal needs. Establishing a framework for each business function, creating a governing body and performing periodic audits is critical for successful adoption. Utilizing identity management tools such as Okta or OneLogin to manage authentication and automate onboarding/offboarding processes brings standardization, security and maintenance of the Zero Trust framework.

Ideally, a Zero Trust framework would take no longer than three months to implement, but this is a rough estimate. The most important takeaway is that Zero Trust is for everyone—any progress toward such a framework is a huge step in the right direction.

How can CIOs and other leaders authentically emphasize employee well-being, especially in larger corporations?

Employee well-being is the most important issue facing employers today—that’s no exaggeration. To be successful, organizations of all sizes must take a top-down approach to employee mental health.

One way leaders can foster a supportive culture of well-being is by carving out dedicated time and space for employees to share their experiences. Whether through informal conversations over coffee or formal meetings across teams, what’s most important is that employees feel comfortable sharing perspectives, experiences and frustrations.

A proven practice is to seek employee feedback through anonymous surveys. Employees should have an opportunity to evaluate leaders and raise concerns without fear of retaliation. This will encourage leadership to take more responsibility over their team’s well-being.

At larger corporations, it can be easy for employees to feel overlooked or forgotten, especially when it comes to mental health. But even at scale, mental health communication is about quality, not quantity. Even if a given employee only has a meaningful, trusted relationship with one manager at the organization, that could make all the difference when it comes to well-being, retention and productivity.

The executive team doesn’t need to reinvent the wheel for employee well-being; they just need to dedicate space for authenticity and vulnerability.

Some CIOs might not be thought of as culture-drivers in enterprise settings. In your view, what’s the best way for CIOs to start the conversation about mental health and showcase their vulnerability?

Ironically, the best way CIOs can start a conversation about mental health is by listening to employees. If someone seems overwhelmed or burnt out, ask them about it to identify the source of their stress. Once you showcase your receptiveness to that kind of dialogue, you can foster an environment characterized by regular check-ins and vulnerability. Instilling a culture of psychological safety and exhibiting empathetic leadership is key for CIOs to address employee well-being. 

Of course, this environment won’t be successful unless you, as CIO, also share how you’re coping with the stressors in your life. Be honest about how you’re managing work/life balance, competing priorities and your own responsibilities to key stakeholders. Hearing this kind of candor from a senior leader will let employees know they’re not alone and will do wonders for your interpersonal relationships with your team.

In addition, providing counseling services at the workplace, promoting well-being and team building activities, offering flexible schedules and being upfront about how your organization is addressing mental health are a few ways a CIO can emphasize well-being in action.

If CIOs are invested in building mutual trust with their teams, they must prioritize leading with empathy and vulnerability. By forging these emotional pathways up and down the ladder at their organizations, CIOs can ensure employees feel seen and heard.
