Adopting Zero Trust with Bloomberg: Implemented
Adopting Zero Trust25 Touko 2023

Adopting Zero Trust with Bloomberg: Implemented

Season two, episode nine: Featuring Bloomberg’s Head of Information Security Architecture and the Information Security Program, Phil Vachon.

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

What does implementing a Zero Trust strategy actually look like in an organization? Nearly a year into our podcast’s journey covering how practitioners view, define, and apply zero trust, it’s time to look under the hood at how a notable organization put its strategy into motion. This week we chat with Bloomberg’s Head of Information Security Architecture and the Information Security Program, Phil Vachon, about how they transformed their security organization with Zero Trust.

Most interestingly though, while many organizations are just now exploring how they will start their zero trust journey, Bloomberg was ahead of the curve even before covid thrust the concept into the limelight.

“I will always say it is continuing to be a journey. It's not a destination,” said Vachon.

Key TakeawaysZero Trust Principles
  • Zero trust is not a new concept but has been repackaged and branded as a solid ideology.
  • Zero trust involves three principles: trust but verify, assume compromise, and strong posture.
Zero Trust Journey
  • Zero trust is a continuing journey, not a destination.
  • Zero trust requires a good mindset about how to implement controls and how to reason about security architecture.
  • Zero trust is not just about securing the corporate IT estate but also about securing the data center estate and the communications between components.
Challenges in Implementing Zero Trust
  • Balancing security with usability is a challenge that must be addressed to enable a high-collaboration, low-friction workflow.
  • Bloomberg leverages many SaaS services for collaboration, but they also have their own core services that are still on-premises. They focus heavily on their offerings on-premises and have a big drink-your-own champagne culture around them.

Hosted on Acast. See acast.com/privacy for more information.

Jaksot(58)

The key to growing a cybersecurity career are soft skills

The key to growing a cybersecurity career are soft skills

In this episode of 'Adopting Zero Trust (AZT)', host Neal Dennis and producer Elliot Volkman delve into the often-overlooked realm of soft or 'non-tech' skills in cybersecurity.This week, we chat with...

19 Joulu 202450min

Behind the scenes of cybersecurity media and reporting

Behind the scenes of cybersecurity media and reporting

Season 3, Episode 15: We gather a panel of journalists, communications, and a researcher to discuss how cybersecurity news and incidents are reported.You can read the show notes here.In the world of c...

21 Marras 20241h 4min

GRC tool or spreadsheets, that is the question | GRC Uncensored Preview

GRC tool or spreadsheets, that is the question | GRC Uncensored Preview

In our final preview episode of GRC Uncensored, we explore a particularly bipolar debate: do you need a GRC tool to manage compliance, or will spreadsheets suffice?After this, we will be back to our r...

24 Loka 202443min

Podcast Preview: GRC Uncensored and the commoditization of compliance

Podcast Preview: GRC Uncensored and the commoditization of compliance

We are interrupting our regularly scheduled podcast series to introduce you to a new series we developed: GRC Uncensored.This pilot season will elevate conversations about GRC that are often buried un...

10 Loka 202441min

How to prepare your operations team for Zero Trust

How to prepare your operations team for Zero Trust

Welcome back to Adopting Zero Trust! In this episode, hosts Elliot Volkman and Neal Dennis are joined by Rob Allen, Chief Product Officer of ThreatLocker, to dive deep into the operationalization of Z...

26 Syys 202446min

Log4j Continues to act as Organizational Vulnerability

Log4j Continues to act as Organizational Vulnerability

Season 3, Episode 13: Cato Network’s Etay Maor provides fresh research on the abuse of unpatched log4j libraries.Catch this episode on YouTube, Apple, Spotify, or Amazon. You can read the show notes h...

5 Syys 202447min

Overturning of Chevron Deference’s Impact on Cybersecurity Regulation

Overturning of Chevron Deference’s Impact on Cybersecurity Regulation

Season 3, Episode 12: Could the overturning of Chevron Deference impact cybersecurity and privacy regulations?Catch this episode on YouTube, Apple, Spotify, or Amazon. You can read the show notes here...

20 Elo 202451min

Applying Vulnerability Management to Zero Trust

Applying Vulnerability Management to Zero Trust

Season 3, Episode 11: Vulnerability management is critical to any Zero Trust strategy, but you probably already know that. Fortra’s Tyler Reguly breaks down severity vs. risk.Catch this episode on You...

1 Elo 202445min