In a zero trust world, where is the UK?

President Biden's Executive Order has opened the doors to Zero Trust - but will Boris Johnson follow suit? Tony Scott, board member, ColorTokens, former federal CIO for the Obama administration, offers his insight.
President Biden’s Executive Order has opened the doors to Zero Trust, but will Boris Johnson follow suit? Tony Scott, board member, ColorTokens, former federal CIO for the Obama administration, offers his insight.

Whether you are a business or an individual, you are a target. For whom? Well, it’s difficult to put names to the largely masked faces, but the fraternity of cybercriminals that operate globally around the clock don’t really care about their victims. Sure, one big ransomware attack on a large enterprise can yield a tidy profit, but so can countless smaller-scale ransomware attacks on the general public. Not a day seems to go by without another headline acknowledging cybersecurity failures.

Cybercriminals have had their fun via various GDPR breaches, with some eye-watering fines dished out to those organizations in question and have recently taken to attacking all kinds of superstar targets – the NHS, Microsoft, LinkedIn, etc Marriott Hotels and even Garmin. And all of these incidents serve to illustrate the (largely) ineffective cyber defences and response solutions employed by said organizations. For example, the widely reported Solar Winds hack of late 2020 targeted the Department of Homeland Security, the Treasury Department, and very high-profile victims. This particular hack highlighted the generally futile approach of a reactive response, rather than being proactive and assuming a breach is already happening. Slapping yourselves on the back because you’ve managed to bolt the barn door long after the horse ran off, doesn’t quite cut the mustard here.

And all too often the finger of blame is pointed at the employee: they are accused of poor security hygiene; they are suckers for a dodgy phishing link; they use work devices for personal tasks; etc. And yes, all of these things might have a ring of truth to them, but in reality we should be holding the enterprise responsible. Their IT networks are designed to exchange and use information in a way that actually presents a massive attack surface to cybercriminals, who are able to deploy laterally through such networks, looking for whatever is of interest to them. To add fuel to the fire, enter COVID-19. With an almost overnight shift to remote working (or hybrid models), the pandemic put huge pressure on already stressed IT departments to accelerate digital transformation. These IT infrastructures weren’t designed for a largely remote workforce. Cybercriminals, however, were rubbing their hands with glee: perfect conditions and greater opportunities for their nefarious activities.

If cyberthieves can go about their (bad) business without detection by taking advantage of trusted processes, then those systems are not fit for purpose. It’s time to move the goalposts and trust nobody. Enter Zero Trust.

The zero trust concept

The shift to remote working means that people often need access to data that lives in your organization’s data centres. To facilitate this access, businesses regularly make use of virtual private networks (VPNs). However, the use of a VPN opens up your infrastructure to networks and devices that you ultimately can’t control. You need to know who is connecting to your apps, what kind of device they are using. and associated access requirements. That’s the underlying concept behind Zero Trust network access (ZTNA): the provision of uninterrupted connection to your apps minus any risk to your data. By using ZTNA, an organization can effectively hide apps outside of the public internet with only authorized users granted access. With Zero Trust, the defining mantra is to trust nobody from the outset: everyone is a potential threat.

Biden buys in

Following on from the Solar Winds debacle, it was widely reported that the US government was considering reorganizing its cybersecurity approach by making the Cyber Command independent from the National Security Agency. So it came as no surprise to see US President Joe Biden giving his full support to the Zero Trust approach with an Executive Order that seeks to improve the nation’s cybersecurity, with specific emphasis on Zero Trust architecture. Zero Trust security architecture offers the most effective and practical solution to the ongoing escalation of cyberthreats. Using ongoing surveillance and checks, IT infrastructure becomes more of a stronghold – it is difficult to get in, and even harder to remain undetected.

READ MORE:
What About the UK?

Irrespective of Biden’s Executive Order, Zero Trust is already becoming the de facto approach for organizations all over the world. So, what about the UK? Well, currently there has been no endorsement of Zero Trust technology from 10 Downing Street. Was it a topic of conversation during Boris Johnson’s recent face-to-face meeting with the US President? Who knows, but it would be nice to think that it was given the disruption and chaos that a major cyberattack can cause to individuals, businesses, and even the government—and yes, that includes you, Mr Prime Minister. We can only hope that the familiar copycat tactics that the UK tends to adopt after the US rubber stamps something will apply to Zero Trust too.

Zero Trust security thinks the worst and assumes networks are not secure unless proven otherwise. The UK government needs to demonstrate its commitment to cybersecurity by recommending that organizations adopt the Zero Trust approach.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...