How Did We End Up with Zero Trust?

zero trust

Francis O’Haire, Group Technology Director, DataSolutions informs us about Zero trust and the way this has developed over time in businesses.

Technology doesn’t sit still. It has to evolve constantly. It needs to update, to adapt while the landscape all around it seems to change at a seemingly ever-increasing pace. Technology is constantly called upon to deal with challenges, to solve problems. One area of IT that has borne witness to all of this, a subject capable of grabbing the headlines in mainstream media and the more specialized press, is cybersecurity (or the apparent lack of it). Breaches and hacks, bad actors and cyberthieves – not a day seems to go by without another story regarding a well-known company being compromised. Big or small, going after an organization (specifically, its digital assets – data, information) is big business for cybercriminals. Why kidnap a wealthy business person for a ransom when you can do so with a few clicks on a keyboard? Why risk a bullet in a botched hold-up when you could strike gold via a company server?

Today, IT security faces all sorts of challenges, not least of all from a cybercriminal cabal who are collectively able to adapt, outsmart new defenses and make everybody else play catch-up. Hardly surprising then that we have arrived at a way of thinking whose mantra is, ‘trust nobody.’ When your default position is to verify anything and everything that attempts to connect to your IT systems before access is approved, then you have arrived in the world of ‘Zero Trust.’

Once upon a time, firewalls were the darlings of IT security – they protected an organization’s networks from any external threats. While firewalls could offer a reasonable defense against an intruder on the outside trying to gain access to the inside, they relied upon the fact that everyone inside was ‘friendly,’ i.e., if an attacker did gain entry to the inside, then they could pretty much run amok and cause havoc as they pleased. And if you consider that the overwhelming majority of network traffic in a data center is East-West traffic (between internal systems), then that traffic is not getting inspected by any firewall security. In short, nothing is preventing any ‘sideways’ travel from one compromised system/device to a ‘clean’ one.

These fairly straightforward concepts of inside a network vs. outside a network seemed to make sense. People worked in offices with centralized systems and networks, data and resources were also relatively centralized, so it was much easier to keep a lid on things. However, the whole IT landscape has changed today- sensitive data and information, company resources, which are now likely to be spread across data centers, branches, clouds, and mobile devices. Under these conditions, traditional firewall security doesn’t make the cut – there is no longer a clearly defined perimeter.

It is still impossible to defend against every single iteration of a cyber-attack – there is no silver bullet, no one single security solution that fits all. However, it is possible to look at IT security from an alternative angle, seeking to provide a more robust approach to system access. It is fair to say that there is no visible end to threats/vulnerabilities – almost impossible to control. However, system access is something that you can control; you can measure it, quantify it. By concentrating your efforts on system access, you take the driving seat concerning security. This explains the idea behind Zero Trust. It isn’t a single product or solution rather an overarching theme whereby an organization nullifies any threat seeking to gain access to their system. In a Zero Trust environment, effectively, you trust nobody. Indeed, over a decade has elapsed since Forrester described this environment where no system or user is trusted (inside or outside the corporate network) without being positively identified and authorized.

Zero Trust comes at a time where organizations of all shapes and sizes have had to deal with changing working habits. While things like remote working and working from home were already familiar to a minority, COVID came along, and suddenly the majority of us found ourselves working like this. The demand for accessing your organization’s networks from outside of the traditional perimeters probably went through the roof. Suddenly, corporate intellectual property, client information, financial data, and any other company resource needed to be accessible to workers via their smart devices or home laptops. Suddenly your organization is largely operating outside of the traditional centralized network. Great news for cybercriminals who now have a much larger attack surface to consider, an increase in potential entry points, more weak spots. Little wonder then that a Zero Trust approach to security makes all the sense in the world.

Read More:

We have already stated that Zero Trust is no one single product or solution. Achieving Zero Trust involves other technologies such as strong identity management and authentication and a change in processes within the organization. However, as we grapple with a changing work landscape, multi-access networking requirements, new mobile hardware, etc., Zero Trust affords us a secure way forward in such highly dynamic times.

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...