Hello, I'm Nick Holland with Information Security Media Group, and I'm joined by Dave Lewis who is the global advisory CSO for your security. Dave, welcome. Thank you for having me. So, Dave, we're doing a series of roundtakes coming up on the topic of zero trust, and specifically the site is a five-step program to zero trust.
We talked a lot about zero trust in the recent years, you know, it's been something that's been clearly a topic that's bubbled to the surface, but more relevant than ever right now. Can you give you a take on basically what it is and why it's finally kind of aging? Well, this is a phrase that was going back in 2010 by analysts over at Forrester Group, and it really has resonated because it is something that has stuck with people and it's really in front of mind for them. And it really is a wrapper for us to go back and look at all of the things that we should have been doing right for the last 25-70 years, and getting back to the core fundamentals and making sure that we are reducing the risk of organization overall.
So, that is a lot of the driving force behind this terminology. What's specific now, I mean, other than the obvious remote work environment? Well, there have been a rash of the ingredients over the last couple of years that just seem to be continually escalating, and it really has gone to the point where, you know, security professionals putting the hands up in the air and saying enough of this, there has to be a better way. And a lot of ways we have to move away from stuff like strategies and passwords and things to that effect to help limit the exposures that we have online, because humans being humans, we do have a tendency to reuse user names and passwords on multiple sites.
So, this is going to clearly be a variety of driving forces to the remote workforce we're experiencing today, one more than others, it doesn't need to be spelled out. But did you think it's now a permanent shift? You know, I think we've now moved to a remote working environment almost universally. Is that going to spring back to you think?
I think there will be definitely a group of people sort of springing back to the way things were before, because, you know, we tend to want to be engaged with other people face to face. You know, I myself and remote worker for bordering on 15 years now, so I'm used to it, but the best majority of workers aren't used to this paradigm shift, and working from home is very different for a lot of people, and it requires a different mindset. You know, when they've always talked about, oh, yeah, I love to work from home, and then when they're finally confronted with it, it is a little bit of a different animal than they might have anticipated. And it's going to take some of the shift, but yes, I think a huge catalyst has fallen on us, and it is really going to drive the shift to more people being able to work remotely once this all passes.
So one of the things I've been hearing about in terms of concerns with the newly remote worker is, I mean, there's obvious things like lack of bandwidth and problems with VPNs and so on and so forth. But there's one of the biggest issues to keep coming is this concern about shadow IT, so if you don't provide people with the tools they need for operational efficiency, they'll just circumvent you with whatever. How can I prevent that, or at least put a wrapper on it? Well, it's a really interesting thing about shadow IT is this is nothing new.
In fact, back in the late 90s, I was running into shadow IT operations back then, so this is really nothing new. It's more of a spring in front of my now, because people are looking for the possible errors that could go wrong. Because everybody's remote, nobody's on site, they want to make sure that any of these shadow ITs, gunports operations, they're springing up are things that can be managed. They're not going to negatively impact the infrastructure.
Shadow IT is actually a very good thing because it helps to illustrate where we may be collectively falling down to help support our staff and making sure that they need to get their jobs done. So if they have to resolve to shadow IT and order to accomplish that, I'd take it more of a learning experience as opposed to a detriment. And then, okay, just finally, what sort of wisdom we provide in terms of dealing with a newly remote worker, what advice would you give for the security deckers? I was dealing with a security executive to deal with remote workers is make sure you were there to help enable them.
Do not help them get to know. You want to make sure that they are, you know, this is an even scary thing for a lot of people. They are not used to being working from home. They're not used to being on a conference call and having their kids walk in the middle of it.
You know, I'll be at that was a meme a couple of years ago. Now this is a daily occurrence. So you want to make sure you're enabling them and providing them all the tools they need in order to accomplish their job and be there to answer the questions when they have them because they're going to be lots of questions. This is definitely a new way of doing business for many, many people.
So helping to educate them is absolutely paramount in order to ensure the security of your organization. Okay, very good. Well, Dave, as I mentioned, we have a couple of round table discussions coming up looking forward to certainly digging deeper on the topic of zero trust in the five step program that we can obviously discuss at length at those events. So that was a day Lewis who is from geo security and from my security media group on the card.