Without robust conditional access policy engines, organizations are ‘leaving the door wide open’
By Corinium Global Intelligence
The path to a resilient security framework begins with a simple principle: never trust, always verify.
But for Sean Greenberg, a Senior Cloud Security Engineer working in the financial sector, the journey toward a mature Zero Trust architecture hinges on another core control.
“It really all revolves around conditional access and the multifactor authentication policy engine,” Greenberg says. “If you’re not securing identities first, you're leaving the door wide open.”
Conditional access is a policy engine that evaluates every access request against real-time signals such as device health and compliance state, sign-in location, and the user’s behavior patterns, and then either grants access, blocks it, or demands an additional control such as multifactor authentication before letting the user in.
Lock the front door
And this, Greenberg says, is the critical first control every CISO should prioritize when building or fortifying Zero Trust architecture – which is, after all, about assuming breach and verifying every connection, human or machine, before granting access.
“Anything can have an identity – a person, app, machine,” he explains. “Securing your identity landscape is foundational. Conditional access lets you say: ‘If a device isn’t compliant, don’t let it in.’ And before it even gets that far, enforce multi-factor authentication.”
Pairing mobile device management (MDM) with conditional access creates a feedback loop of trust. Devices enrolled through MDM can automatically receive hardening policies, anti-malware, and endpoint protection tools, raising the security baseline; MDM in turn reports each device’s compliance state, which conditional access consumes as one of its signals.
At the same time, it streamlines the user experience, which is key to preventing prompt fatigue. Users who are asked to approve security prompts constantly start approving them reflexively, including prompts an attacker triggered, so a policy that prompts only when the risk signals warrant it is both safer and less disruptive.
“Over-prompting users is just as dangerous as not prompting at all,” Greenberg notes. “Conditional access lets you be strategic. It’s smarter security, not just more security.”
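The decision flow described above, as an added example that is not code from the original article or from Greenberg’s team: a small conditional-access policy engine in Python that blocks high-risk sign-ins, refuses non-compliant devices for protected apps, and steps up to MFA only when a signal warrants it, so a managed, compliant device in a familiar location is let in without a prompt. The signal names, app names and policy fields are constructed for the illustration and do not follow any vendor’s schema.

```python
"""Toy conditional-access policy engine (added example; all signals are constructed)."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"                # enough trust signals present: grant silently
    REQUIRE_MFA = "require_mfa"    # step up before granting
    BLOCK = "block"


@dataclass(frozen=True)
class SignInContext:
    """Real-time signals the engine sees for one access request (hypothetical field set)."""
    user: str
    app: str
    device_managed: bool      # enrolled in MDM
    device_compliant: bool    # MDM's verdict (patched, encrypted, endpoint protection on)
    familiar_location: bool   # network/country the user has signed in from before
    sign_in_risk: str         # "low" | "medium" | "high" from a behaviour/risk engine
    mfa_satisfied: bool       # user already completed MFA in this session


@dataclass(frozen=True)
class Policy:
    """Policy knobs for the example; not any product's configuration format."""
    sensitive_apps: frozenset[str]         # apps that always demand MFA
    compliant_device_apps: frozenset[str]  # apps that refuse non-compliant devices


DEFAULT_POLICY = Policy(
    sensitive_apps=frozenset({"payroll", "cloud-console"}),
    compliant_device_apps=frozenset({"payroll", "cloud-console"}),
)


def evaluate(ctx: SignInContext, policy: Policy) -> tuple[Decision, str]:
    """Return (decision, reason). Rules are ordered; the first match wins."""
    # An unmanaged device cannot report compliance, so treat it as non-compliant.
    compliant = ctx.device_managed and ctx.device_compliant

    # 1. Hard stop: a high-risk sign-in is blocked even if MFA already passed.
    if ctx.sign_in_risk == "high":
        return Decision.BLOCK, "high sign-in risk"

    # 2. "If a device isn't compliant, don't let it in" for apps that require it.
    #    Evaluated before the MFA step so nobody is prompted for a sign-in that
    #    would be refused anyway (one fewer prompt contributing to fatigue).
    if ctx.app in policy.compliant_device_apps and not compliant:
        return Decision.BLOCK, "non-compliant device for protected app"

    # 3. Step up only when a signal warrants it. A managed, compliant device in a
    #    familiar location at low risk reaching an ordinary app gets no prompt.
    needs_mfa = (
        ctx.app in policy.sensitive_apps
        or not ctx.device_managed
        or not ctx.familiar_location
        or ctx.sign_in_risk == "medium"
    )
    if needs_mfa and not ctx.mfa_satisfied:
        return Decision.REQUIRE_MFA, "step-up required by risk signals"

    return Decision.ALLOW, "trusted context"


def sample_decisions(policy: Policy = DEFAULT_POLICY) -> dict[str, Decision]:
    """Run a few constructed scenarios through the engine and return the decisions."""
    scenarios = {
        "trusted_laptop":      SignInContext("alice", "intranet-wiki", True, True, True, "low", False),
        "byod_phone_wiki":     SignInContext("alice", "intranet-wiki", False, False, True, "low", False),
        "byod_phone_payroll":  SignInContext("alice", "payroll", False, False, True, "low", True),
        "unpatched_laptop":    SignInContext("bob", "payroll", True, False, True, "low", True),
        "travel_no_mfa":       SignInContext("bob", "intranet-wiki", True, True, False, "low", False),
        "travel_with_mfa":     SignInContext("bob", "intranet-wiki", True, True, False, "low", True),
        "high_risk_with_mfa":  SignInContext("carol", "intranet-wiki", True, True, True, "high", True),
    }
    return {name: evaluate(ctx, policy)[0] for name, ctx in scenarios.items()}


if __name__ == "__main__":
    for name, decision in sample_decisions().items():
        print(f"{name:20s} -> {decision.value}")
```

The ordering is the point: the cheapest, most decisive signals (risk score, device compliance) are checked first, and the user-facing prompt is the last resort rather than the default, which is what “smarter security, not just more security” looks like in a rule set.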
Show your work
Such security measures aren’t free, and for CISOs under pressure to justify security spending, metrics matter. But, Greenberg says, the context matters as well.
“The C-suite doesn’t care if you have the shiniest new tool,” Greenberg says. “They want to know what it’s doing for them.”
Tracking phishing test results, vulnerability remediation trends, and MFA blocks on malicious log-ins can offer tangible proof of progress. But Greenberg advises security leaders to be realistic: Spikes in metrics aren’t always signs of failure – they’re opportunities for context and communication.
“When something jumps, like phishing click rates or blocked logins, explain it. Maybe there’s a new threat campaign,” he says. “Show that you’ve responded and brought it back down.”
This approach also helps security teams demonstrate responsiveness and resilience, not just compliance, Greenberg says.
Balance cost and value
As cloud attack surfaces grow, so does the volume of log data – much of it expensive and low-value.
To manage that cost, Greenberg suggests a tiered storage model: keep high-value logs, the ones an investigation will query first, in hot storage for fast search, and push low-priority data to cheaper cold storage to satisfy retention and compliance requirements.
“Some people don’t even keep certain logs – that can be risky. But you have to balance access, cost, and value,” he says.
Automation and third-party audits also help refine logging strategies and surface blind spots. Greenberg recommends regular runbook reviews and external evaluations to identify coverage gaps and optimize alerting.
Greenberg also highlights two emerging risks that he believes remain under-resourced: managed identities and malicious AI.
Managed identities – commonly used in cloud platforms to authenticate workloads without stored credentials – often accrue dangerous levels of privilege while receiving little scrutiny, because no human owns or signs in with them and their role assignments are rarely reviewed.
“They’re called managed, but nobody’s managing them,” he says. “They get privilege sprawl, and since no one signs in with them, they fly under the radar.”
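One way to put the two symptoms Greenberg names (privilege sprawl and identities nobody watches) into a repeatable check, as an added example that is not the article’s or Greenberg’s own tooling: a Python audit over a constructed inventory of workload-identity role assignments and last-observed token use. Azure-style role names and resource-ID scope paths are assumed only as a familiar shape; the logic is vendor-neutral, and the thresholds and identity names are invented for the illustration.

```python
"""Flag workload (managed) identities with broad privilege or no observed use.
Added example on constructed data; role names and scope paths are Azure-style by assumption."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Roles that can change or take over resources; assumed Azure built-in names.
HIGH_PRIV_ROLES = {"Owner", "Contributor", "User Access Administrator"}


@dataclass(frozen=True)
class RoleAssignment:
    principal: str   # managed identity name
    role: str
    scope: str       # resource-ID style path the role applies to


@dataclass(frozen=True)
class Finding:
    principal: str
    kind: str        # "broad_high_privilege" | "dormant"
    detail: str


def scope_level(scope: str) -> str:
    """Classify how wide an assignment scope is from its path segments."""
    parts = [p for p in scope.split("/") if p]
    if "providers" in parts:            # .../providers/<namespace>/<type>/<name>
        return "resource"
    if "resourceGroups" in parts:
        return "resource_group"
    if parts and parts[0] == "subscriptions":
        return "subscription"
    return "tenant"                      # root or management-group style scope


def audit(
    assignments: list[RoleAssignment],
    last_token_use: dict[str, datetime | None],
    now: datetime,
    stale_after: timedelta = timedelta(days=90),
) -> list[Finding]:
    """Return findings: high-privilege roles at wide scope, and identities not seen using
    their identity within `stale_after` (or never) while still holding assignments."""
    findings: list[Finding] = []
    principals = {a.principal for a in assignments}
    for a in assignments:
        if a.role in HIGH_PRIV_ROLES and scope_level(a.scope) in ("subscription", "tenant"):
            findings.append(Finding(a.principal, "broad_high_privilege",
                                    f"{a.role} at {scope_level(a.scope)} scope {a.scope}"))
    for principal in sorted(principals):
        seen = last_token_use.get(principal)
        if seen is None:
            findings.append(Finding(principal, "dormant", "never observed obtaining a token"))
        elif now - seen > stale_after:
            findings.append(Finding(principal, "dormant",
                                    f"last token {(now - seen).days} days ago"))
    return findings


def sample_findings() -> list[Finding]:
    """Constructed inventory: one over-broad identity, one dormant, one well-scoped."""
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    sub = "/subscriptions/sub-1"
    rg = f"{sub}/resourceGroups/rg-app"
    assignments = [
        RoleAssignment("mi-app", "Contributor", sub),                        # too broad
        RoleAssignment("mi-batch", "Reader", f"{rg}/providers/Microsoft.Storage/storageAccounts/st1"),
        RoleAssignment("mi-web", "Storage Blob Data Reader",
                       f"{rg}/providers/Microsoft.Storage/storageAccounts/st2"),
        RoleAssignment("mi-orphan", "Contributor", rg),                      # never used
    ]
    last_token_use = {
        "mi-app": now - timedelta(days=1),
        "mi-batch": now - timedelta(days=200),   # stale
        "mi-web": now - timedelta(hours=2),
        "mi-orphan": None,
    }
    return audit(assignments, last_token_use, now)


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f.principal:10s} {f.kind:22s} {f.detail}")
```

The two checks answer different questions. A broad, high-privilege assignment is sprawl even when the identity is busy, and the fix is to narrow the scope or the role; a dormant identity that still holds any assignment is an unwatched credential, and the fix is removal. Feeding the audit from a real token-issuance or sign-in log is what makes the second check meaningful.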
And another concern: the rise of generative AI-powered attack platforms.
“There are full large language models for hire now,” Greenberg warns. “They write phishing emails, exploit code, spin up infrastructure, all with subscription access.”
These tools dramatically lower the barrier to entry for sophisticated attacks, creating a race between attacker innovation and defender adaptation.
Future-proof security with AI and culture
But defenders are leveraging AI as well. Greenberg’s team uses AI-driven security analytics to prioritize remediation efforts, generate policy guidance, and even automate employee support through AI agents.
“We’ve turned AI agents against our own environment,” he says. “They tell us what we’re missing, benchmark us against the Open Worldwide Application Security Project (OWASP) Top 10, and help guide next steps. It’s like having a teammate with the internet as its brain.”
At the heart of effective cloud security strategy is cross-team collaboration. Greenberg views security culture not as a buzzword, but as a critical enabler.
“If you’re constantly setting off the fire alarm, people stop listening. But if teams trust you – if you’ve built those relationships – they’ll act quickly when you say something is serious.”
Ultimately, Greenberg believes a CISO’s most important role is to serve as a connector between security and the rest of the business, and that tools are only as strong as the culture and collaboration that support them.
“They need to be the relationship-builder across the org,” he says. “It’s their job to make sure the business doesn’t try to break every security rule just to get something done. The best CISOs help the org move fast and safely.”