Whatever the future holds in the geopolitical sphere, the company’s pivot to a zero-trust model should help further protect it from vulnerabilities (micro or macro), support secure growth, and enable the overall mission of service to continue.
Imagine the ultimate set of velvet ropes: nobody’s on the list. Never mind what happens in comic books; there’s no such thing as an indestructible material. In the real world, even the most durable items are vulnerable to microscopic cracks that will, under the right conditions, expand and cause failure. Sometimes catastrophically. And more surface area means more vulnerability.
The same principle, as any chief information security officer (CISO) might tell you, applies to cybersecurity: a micro vulnerability—like a moment’s inattention from an employee—can expand into a profoundly damaging data breach.
Every enterprise contends with this dynamic; one global pharmaceutical company decided to address it head-on. The company’s surface area was already considerable—tens of thousands of employees; thousands of research and logistics partners and third-party service providers; plus, the patients, physicians, and other health care providers around the world that relied on them. Even so, there were emerging markets left unserved, and leaders wanted to expand accordingly.
This posed a considerable challenge: How could the company maintain the collaboration its current stakeholders enjoyed on its network, extend that access to even more stakeholders, and continue safeguarding its sensitive data? How could it prevent information loss when its employees and contractors travelled to these high-risk markets? And how could it do so while adhering to local cultural norms and business models, and complying with recent cyber laws and requirements?
The solution would require a complete rethink of the company’s network architecture, with a coordinated program of security controls that could support growth in risky environments without compromising data. Therefore, company leaders reached out to Deloitte’s Cyber & Strategic Risk practice.
As a concept, the Deloitte team proposed shifting the company’s IT architecture to a zero-trust approach where every request to connect to the company’s network would be treated as though it came from an unknown actor. It would be like having the ultimate set of velvet ropes: nobody is on the list, and everyone gets verified.
And when someone is ushered in, assigned seats only. Before, someone accessing internal applications could also access the company network; with zero trust, user access is compartmentalized through detailed, policy-based controls. Users can only connect to the resources they need in the moment. (Additionally, this approach also streamlines user experience. No more navigating multiple firewalls and VPNs.)
With zero trust, every request for access is suspect. In a way (and as noted), the company’s zero-trust transformation was already demonstrating its value midstream and continues to do so today. Leaders have been provided a roadmap to achieve their target state and an executive dashboard to track achievements, risks, and risk reduction efforts. The velvet ropes are also in place: The access control solution successfully replaced the traditional VPN solution, with global users and servers migrated from proxy appliance-based internet access to cloud proxy internet access.
Whatever the future holds in the geopolitical sphere, the company’s pivot to a zero-trust model should help further protect it from vulnerabilities (micro or macro), support secure growth, and enable the overall mission of service to continue. Velvet ropes: in place. New markets: engaged.
How will your organization respond to and recover from its next potential cyber incident? And how will your organization transform its cyber capabilities to help safeguard your business and stakeholders and build trust from end to end?
How will your organization create a modern security architecture that allows your business to grow with confidence? Discover how Deloitte’s worldwide team of industry-focused cyber specialists can help you identify new opportunities for value with a Zero Trust approach. Contact us to get the conversation started.
Opens in new window