Brig. Gen. (Ret.) Greg Touhill, former U.S. Chief Information Security Officer, said organizations must employ zero-trust principles, examine product life cycles and assess the work of third-party information technology consultants to achieve needed changes in information security.
Touhill, who now serves as Cyxtera Federal Group's president, said in a blog post published Monday that organizations ought to adopt a zero-trust approach to strategically meet needs that are not accommodated by traditional cybersecurity models. A zero-trust approach secures information with a focus on a user's identity.
Executives should also consider the age of their systems and processes, and make sure to examine modernization needs. Considerations for a system's age include service life, operational costs, security and comparison with newer, better products.
Lastly, the former federal CISO recommends that executives evaluate the work of their third-party service providers to ensure the accuracy and security of data.