How cyber is shaping the future.
72% of survey respondents indicated their organisations experienced between one and 10 cyber incidents and breaches in the last year alone. When securing the enterprise, we can no longer inherently trust anything. The challenge today becomes, “how can you remove inherent trust altogether?” It’s a revolutionary change to the way we build modern security architectures. Fortunately, Zero Trust has the capabilities to meet the task.
Zero Trust is not a technology or a single solution. It is a set of architectural policies that are based on the fundamental principle of “never trust, always verify”. The concept commits to shifting from the traditional perimeter-based or “castle and moat approach” of managing security, to one where trust is established between individual resources and consumers, as and when required. With Zero Trust, trusted connections are established based on internal and external factors, which are constantly revalidated.
There’s a misconception that adopting the Zero Trust concept requires a massive “rip and re- place” initiative. It’s important to step back and think strategically about taking iterative and incre- mental steps towards achieving your target state.
Andrew Rafla, US Zero Trust Leader, Deloitte Cyber
Finally, we have the power to compute and the technology to inform dynamic and risk-based access control decisions in real-time.
It’s no longer binary: Allow or Deny. Every connection request can be verified against a set of contextual factors to derive a risk-based access decision:
Our 2021 survey outlines the challenges of managing cyber risk across the enterprise faced by CIOs and CISOs. Their greatest challenges are transformation and Hybrid IT, with cyber hygiene, talent limitations and shadow IT not far behind. Those challenges will only get more complex through accelerated digital transformations. We must start over and build security architectures that can sustain the increasing speed of digital transformation. The time to act is now!
Most companies—knowingly or unknowingly—have embarked on a Zero Trust trajectory. Their approaches differ by the degree they are tactical, architectural or strategically led. While Zero Trust is relevant across all industries and sectors, there is no one-size-fits-all solution. Zero Trust is a multi-year initiative—a transformational change, that breaks down the silos between business, IT and the various cyber domains. Any Zero Trust journey will face pitfalls and obstacles requiring strong leadership support, investment and buy-in from across your organisation to ensure success.
Consideration needs to be given to the business drivers, existing capabilities and use cases relevant to your organisation. It’s important to keep cyber fundamentals in mind: What are you trying to protect? Where do those assets reside? Who (identities) and what (devices) should be able to access those assets and under what conditions? To answer these questions, organisations need to prioritise IT asset management and data governance capabilities to understand the classification and criticality of their assets and data...and leverage this context when creating access control policies. Then defining your goals and embedding them in your end-to-end strategy is the surest way to achieve your desired business outcomes. This, however, isn’t easy. When asked about their biggest challenge in managing cybersecurity across their organisation, “increase of data management/ perimeter and complexities” was the number one hurdle cited by respondents.
Much more than a technology solution, Zero Trust is a cultural change. The change to the overall organisation cannot be underestimated. Softer factors such as communications, role-specific training, awareness and operational process adjustments are key elements for success. Overall, such programmes require a strategy aligned to the business, supported by strong leadership, dedicated architecture, technical workstreams and compelling pilots, that coalesce the commitment across all stakeholders.
Embedded in a corporate strategy, Zero Trust can bring a series of strategic advantages. By reducing operational complexity and simplifying ecosystem integration it can:
Tech giants are leading the Zero Trust maturity journey and apply these principles to develop, run and deliver secure services. Other leading organisations are adopting Zero-Trust strategies to support business priorities, digital transformation and corporate risk strategies. When modernising your own architectures, understanding how the leaders innovated and achieved tremendous scale can help drive your digital transformation, too. There is no doubt the change is happening. The sooner you take charge of your transition to Zero Trust, the safer the journey will be. It’s far better to be in the driver’s seat, determining your destination...the time for Zero Trust is now.
The time has come to fully leverage Zero Trust principles and build modern security architectures, that can keep up and enable digital transformation.
MARIUS VON SPRETI, GLOBAL ZERO TRUST LEADER, DELOITTE CYBER