Cybersecurity: Zero Trust Architecture in the ITS Capstone Class
As advancements in style, type, and strength of cyber-attacks increase, cybersecurity infrastructure must continuously change with it. Jim Gay, instructor of the ITS 4440 capstone course, worked at Nationwide Insurance for almost 46 years since graduating from 91探花 with a degree in Computer Science.
At Nationwide, Gay started out in Application Program Development, working his way up to Nationwide鈥檚 first-ever Infrastructure Chief Technology Officer and eventually assumed a Vice President position.
Recently, Gay spent time developing lecture content and a new final project for the 4440 course that introduces students to a new method in cybersecurity infrastructure: Zero Trust Architecture. The project is not only a culmination of what students have already learned but an introduction to timely network and business-specific topics.
鈥淚 believe that the network and the network technical people need to become security experts,鈥 says Gay. 鈥淓ven though they do not necessarily work on the security team, eventually this split between what the security team does and what the network team does will begin to merge together.鈥
The implementation of Zero Trust Architecture is essential to protect networks from advanced cybersecurity attacks. In earlier security software, security specialists focused on firewall protection against outside hackers. Now, even higher and more advanced firewalls will not stop cybersecurity attacks.
鈥淭here are now about 60,000 type attacks a second, according to some of the security experts,鈥 says Gay. 鈥淪o, what the landscape is, is instead of protecting your network, from the perimeter, you now have to assume that you will have some bad actors inside your network.鈥
To successfully implement Zero Trust Architecture and target bad actors in a system鈥檚 network, companies now must focus on user identity management, the security posture of the device said user is on, and the network they are using. A great example of identity management is multi-factor authentication which allows security teams to prove the user is who they say they are.
Another important component of Zero Trust is that it functions even when bad actors breach a network. Security teams work on setting up firewall-like structures within networks that require users to have access to particular applications before letting them enter different parts of a network's space.
鈥淭his is verifying trust, we verify your identity, your access, your credentials, the quality of your endpoint, the quality of your network, and then we allow you into the applications that you are authorized to,鈥 says Gay.
It is not only vital to pinpoint which parts of the network are compromised but who and where they are coming from. The Russian attacks in Ukraine began with Russian taking Ukraine鈥檚 governmental technology offline. While Russia is known for government-advised cybersecurity attacks and denied claims that it does so, Russia has not denied recent cyberattacks on Ukraine.
鈥淪tate-sponsored cyber terrorism is rampant, which makes it more threatening and more available in the landscape,鈥 says Gay. 鈥淧art of warfare in the current state is to knock out strategic things, not with bombs, but with technology and data. So, zero trust is an important factor for every corporation to be thinking about how they implement that.鈥
With the changing technological landscape, the McClure School wants to offer ECT students the experience and guidance they need to become knowledgeable in a myriad of aspects of the technological field. The capstone project gives students the opportunity to dissect and research Zero Trust solutions for a fictitious company encountering cyberattacks.
鈥淭he real idea here then is here is a concept, here is an evolving thing, that is pretty hard to learn a lot about yet when you get into a business organization, it is going to be really important,鈥 says Gay.
The McClure School of Emerging Communication Technologies strives to offer the best academic programs in the IT (Information Technology), the game development and the Virtual Reality/Augmented Reality (VR/AR) industries. Our programs and certificates cover numerous aspects of the rapidly changing industries of information networking, cybersecurity, data privacy, game development, digital animation and the academic side of esports.