Why companies should implement Zero Trust

The Zero Trust concept essentially means that nobody using a network is automatically trusted, everything must be questioned, and rights are granted and validated on an ongoing basis, depending on the access requested. Many organisations have found this method to be incredibly effective in warding off potential security threats and data breaches, especially within today’s digital age, whereby more organisations are harvesting valuable data across multiple vendors in the cloud, explains Marc Lueck, CISO EMEA, Zscaler.
The Zero Trust concept essentially means that nobody using a network is automatically trusted, everything must be questioned, and rights are granted and validated on an ongoing basis, depending on the access requested. Many organisations have found this method to be incredibly effective in warding off potential security threats and data breaches, especially within today’s digital age, whereby more organisations are harvesting valuable data across multiple vendors in the cloud, explains Marc Lueck, CISO EMEA, Zscaler.

In the current digital age, many organisations are having to rapidly adopt new ways of managing network security, as traditional approaches become outdated and no longer sustainable in the era of the cloud. According to the Office of National Statistics1, 46.6% of people in employment worked from home in April last year. This dramatic rise in remote working is just one of the reasons why employees require a secure and reliable IT infrastructure. As applications leave the secure perimeter of the office walls, employees require ever more reliable access to a secure cloud environment.

Zero Trust refers to the idea that every user will start with zero access rights to a system by default, and that nobody is treated to some privilege just because they are on the network. This ties in with the tried-and-tested principle of least privilege, in which users are only granted access to resources and information for a legitimate need. With Zero Trust, essentially nobody is automatically trusted meaning everything is questioned, and rights are granted on an ongoing basis. Many organisations have found this method to be incredibly effective in warding off potential security threats and data breaches – especially within today’s digital age, whereby more organisations hold data across multiple vendors in the cloud.

VPN solutions are not sustainable

A virtual private network (VPN) essentially extends a private network across a public network, allowing users to access and receive data across a shared network. This enables them to operate the device as if it were directly connected to the private network. Despite the efficiency of VPNs throughout the last year and a half, these servers have many vulnerabilities which makes them a prime target for hackers. Before the pandemic, VPNs were primarily used by individuals travelling for business or people who would like to access corporate resources out of normal working hours. Because of this, VPN traffic held a small share of total traffic to the network, meaning IT security teams did not need to patch VPN servers too often. A VPN essentially brings users onto a network and provides unfettered access to anything else on that network, which is an unnecessary risk.

If the last year has proven anything, it is just how serious VPN attacks are and showcase how attackers have the ability to exploit vulnerabilities and take control of an affected system. According to the 2021 VPN Risk Report2, 93% of companies are leveraging VPN services, yet 94% are aware that cybercriminals are targeting VPNs to gain access to network resources. In addition to this, 72% of organisations are concerned that VPN may jeopardise the IT team’s ability to keep their environments secure and 67% of enterprises are considering a remote access alternative to a traditional VPN. These findings suggest that organisations are starting to rapidly address and rethink the security infrastructure of their networks.

Looking ahead, it is clear to see that the future of working will remain cloud-based and remote-enabled. However, the question remains as to whether VPNs will scale and become secure enough to support this. To effectively manage this, organisations should implement a cloud-enabled Zero Trust architecture, which gives users secure access to private applications and establishes connectivity from specifically authorised applications.

Is Zero Trust the solution?

Zero Trust assumes all applications and services are malicious which significantly reduces the risks of attacks. This is because it uncovers what is on the network and assesses how those assets are communicating. Additionally, a Zero Trust model eliminates overprovisioned software and services by continuously checking the credentials of every communicating asset. Despite the rapid evolution to cloud service provider security, workload security remains a shared responsibility between the cloud service provider and the organisation using the cloud. With Zero Trust, security policies are based on the identity of communicating workloads and are tied directly to the workload itself, resulting in security staying close to the assets that require protection. This means that these assets are not affected by network constructs such as IP addresses, ports, and protocols. Protection, therefore, travels with the workload where it tries to communicate but also remains unchanged even if the environment itself changes.

Zero Trust solves a lot of the challenges organisations are currently facing when it comes to reducing security risks. Despite this, not every enterprise will opt for the approach, so the process will take a long time. An example of why a company may choose not to implement Zero Trust could be the unrealistic costs involved or a lack of drive for digital transformation. If an organisation develops its own applications or software, this may not be able to accommodate Zero Trust and will therefore dictate whether or not a company can adopt it. Additionally, it will determine the effort and perhaps unachievable costs required. However, one thing that is for sure is that those deciding not to opt for the Zero Trust approach will become an easy target for cybercriminals.

Innovations such as automation and machine learning can enhance the path of entry into Zero Trust. When it comes to implementing this process, organisations should consider four key pillars. These are the users, applications, networks, and processes for all transformation projects. For example, if an app is moved to the cloud, but the user is not happy with the experience accessing it, then something is wrong, and it will need addressing.

READ MORE:

By considering a cloud-first Zero Trust approach to security and connectivity, organisations will not only be able to reduce the risk of attacks, but they will also be able to stay competitive and embrace digital transformation further down the line.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

An image of Zero Trust, Security & Data, Why companies should implement Zero Trust

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

The critical role of data integrity in generative AI

Anjan Kundavaram • 23rd November 2023

The quest to harness the full potential of generative AI relies on finding trustworthy data to achieve outstanding results for diverse use cases. With the continued growth and transformative impact of generative AI, business leaders need to ensure that the data being fed into it has integrity.

Navigating a CTO-as-a-Service arrangement

Cyril Samovskiy • 21st November 2023

Attracting a top-tier Chief Technology Officer (CTO) can be challenging at the best of times, but for tech startups – who often have limited resources, a yet-to-be-proven product-market fit, and financial instability – it can be even more so. Add tech’s ongoing talent shortage to the mix, and it’s easy to see why CTO-aaS is...

The Importance of SBOM and CVE in Medical

Diego Buffa • 18th November 2023

This article explores the critical landscape of medical device cybersecurity, focusing on the IMDRF’s “Principles and Practices for Medical Device Cybersecurity.” It advocates for a holistic approach throughout the product life cycle, with particular emphasis on the vital role of the Software Bill of Materials (SBOM). The article addresses the FDA’s stringent postmarket vulnerability reporting...

AI powered fused spurs unveiled by measurable.energy

Diana Kamkina • 15th November 2023

measurable.energy, experts in eliminating wasted energy, are proud to announce the launch of their latest innovation – fused spurs. This highly anticipated addition to their product line is set to transform the landscape of energy management in construction and commercial buildings.

Technology for a Sustainable Tomorrow

Mark Robison • 09th November 2023

We currently face the critical challenge of reducing carbon emissions in an effort to reach net zero targets. This is the challenge of our lifetime and for many more generations to come. Fortunately, this challenge has ushered in a new era of innovation, where technology plays a leading role in creating a sustainable future.

Preparing UK Businesses for the Coming PSTN Switch Off

Chris Wade • 01st November 2023

The PSTN Switch Off will require a robust framework of action as all business sectors will be impacted. In order to stay ahead of this significant change, businesses must start considering new, digital alternatives such as VoIP based communication technology.

Dark Fibre’s Role in Supercharging Edge Data Centers

Sean Lowry • 18th October 2023

In response to Proximity Data Centre’s e-book, Glide’s CTO, Sean Lowry explores the impact of low latency on gaming, the Metaverse, and AI. He explains how dark fibre and Glide’s “Fibre Cities” are primed to support the evolving needs of edge data centres and seamless connectivity.

Smart Labels and the intersection of technology and logistics

Sam Colley • 13th October 2023

The delicate fabric of the ever-evolving technological landscape is being rewoven with the introduction of game-changing elements like smart labels, which are bringing the logistics industry to the forefront of innovation. These technological wonders are not only transforming the landscape of logistics, but they are also unlocking a multitude of options where precision, discretion, and...