Securing a world without boundaries

In legacy environments, IT resources were contained within clearly defined boundaries. Whatever resided externally was untrusted and all internal traffic was inherently trusted. And now? We live in a hyper-connected world, where everything is increasingly interconnected. The perimeter has essentially dissolved for most modern enterprises.

72% of survey respondents indicated their organisations experienced between one and 10 cyber incidents and breaches in the last year alone. When securing the enterprise, we can no longer inherently trust anything. The challenge today becomes, “how can you remove inherent trust altogether?” It’s a revolutionary change to the way we build modern security architectures. Fortunately, Zero Trust has the capabilities to meet the task.

Enter Zero Trust

Zero Trust is not a technology or a single solution. It is a set of architectural policies that are based on the fundamental principle of “never trust, always verify”. The concept commits to shifting from the traditional perimeter-based or “castle and moat approach” of managing security, to one where trust is established between individual resources and consumers, as and when required. With Zero Trust, trusted connections are established based on internal and external factors, which are constantly revalidated.

What is driving the move to Zero Trust

1. The rapid pace of digitisation is increasing IT complexity and driving up cost.
2. An increasingly mobile workforce now expects to be able to work from anywhere, on any device.
3. The development of digital products and services shifting towards cloud adoption.
4. The demand for better and easier business collaboration and supply chain integration.
5. Adversaries are very sophisticated and are outmatching current cyber defences.

Real-time access control

Finally, we have the power to compute and the technology to inform dynamic and risk-based access control decisions in real-time.

It’s no longer binary: Allow or Deny. Every connection request can be verified against a set of contextual factors to derive a risk-based access decision:

• Is the source connection from an authenticated and authorised user?
• Is it coming from a known and secure device?
• Does this person usually connect from this geographic location?Is the time of connection consistent with the user’s history?
• Are there any other signals or threat intelligence that should be taken into consideration before access is granted?

The current situation

Our 2021 survey outlines the challenges of managing cyber risk across the enterprise faced by CIOs and CISOs. Their greatest challenges are transformation and Hybrid IT, with cyber hygiene, talent limitations and shadow IT not far behind. Those challenges will only get more complex through accelerated digital transformations. We must start over and build security architectures that can sustain the increasing speed of digital transformation. The time to act is now!

Step by step

Most companies—knowingly or unknowingly—have embarked on a Zero Trust trajectory. Their approaches differ by the degree they are tactical, architectural or strategically led. While Zero Trust is relevant across all industries and sectors, there is no one-size-fits-all solution. Zero Trust is a multi-year initiative—a transformational change, that breaks down the silos between business, IT and the various cyber domains. Any Zero Trust journey will face pitfalls and obstacles requiring strong leadership support, investment and buy-in from across your organisation to ensure success.

Consideration needs to be given to the business drivers, existing capabilities and use cases relevant to your organisation. It’s important to keep cyber fundamentals in mind: What are you trying to protect? Where do those assets reside? Who (identities) and what (devices) should be able to access those assets and under what conditions? To answer these questions, organisations need to prioritise IT asset management and data governance capabilities to understand the classification and criticality of their assets and data...and leverage this context when creating access control policies. Then defining your goals and embedding them in your end-to-end strategy is the surest way to achieve your desired business outcomes. This, however, isn’t easy. When asked about their biggest challenge in managing cybersecurity across their organisation, “increase of data management/ perimeter and complexities” was the number one hurdle cited by respondents.

Much more than a technology solution, Zero Trust is a cultural change. The change to the overall organisation cannot be underestimated. Softer factors such as communications, role-specific training, awareness and operational process adjustments are key elements for success. Overall, such programmes require a strategy aligned to the business, supported by strong leadership, dedicated architecture, technical workstreams and compelling pilots, that coalesce the commitment across all stakeholders.

An enormous upside

Embedded in a corporate strategy, Zero Trust can bring a series of strategic advantages. By reducing operational complexity and simplifying ecosystem integration it can:

• Improve customer experience
• Enhance business agility
• Improve business resilience
• Reduce the threat surface
• Realise cost savings
• Improve collaboration with business partners
• Accelerate cloud adoption

The North Star

Tech giants are leading the Zero Trust maturity journey and apply these principles to develop, run and deliver secure services. Other leading organisations are adopting Zero-Trust strategies to support business priorities, digital transformation and corporate risk strategies. When modernising your own architectures, understanding how the leaders innovated and achieved tremendous scale can help drive your digital transformation, too. There is no doubt the change is happening. The sooner you take charge of your transition to Zero Trust, the safer the journey will be. It’s far better to be in the driver’s seat, determining your destination...the time for Zero Trust is now.