How Did We End Up with Zero Trust?

zero trust

Francis O’Haire, Group Technology Director, DataSolutions informs us about Zero trust and the way this has developed over time in businesses.

Technology doesn’t sit still. It has to evolve constantly. It needs to update, to adapt while the landscape all around it seems to change at a seemingly ever-increasing pace. Technology is constantly called upon to deal with challenges, to solve problems. One area of IT that has borne witness to all of this, a subject capable of grabbing the headlines in mainstream media and the more specialized press, is cybersecurity (or the apparent lack of it). Breaches and hacks, bad actors and cyberthieves – not a day seems to go by without another story regarding a well-known company being compromised. Big or small, going after an organization (specifically, its digital assets – data, information) is big business for cybercriminals. Why kidnap a wealthy business person for a ransom when you can do so with a few clicks on a keyboard? Why risk a bullet in a botched hold-up when you could strike gold via a company server?

Today, IT security faces all sorts of challenges, not least of all from a cybercriminal cabal who are collectively able to adapt, outsmart new defenses and make everybody else play catch-up. Hardly surprising then that we have arrived at a way of thinking whose mantra is, ‘trust nobody.’ When your default position is to verify anything and everything that attempts to connect to your IT systems before access is approved, then you have arrived in the world of ‘Zero Trust.’

Once upon a time, firewalls were the darlings of IT security – they protected an organization’s networks from any external threats. While firewalls could offer a reasonable defense against an intruder on the outside trying to gain access to the inside, they relied upon the fact that everyone inside was ‘friendly,’ i.e., if an attacker did gain entry to the inside, then they could pretty much run amok and cause havoc as they pleased. And if you consider that the overwhelming majority of network traffic in a data center is East-West traffic (between internal systems), then that traffic is not getting inspected by any firewall security. In short, nothing is preventing any ‘sideways’ travel from one compromised system/device to a ‘clean’ one.

These fairly straightforward concepts of inside a network vs. outside a network seemed to make sense. People worked in offices with centralized systems and networks, data and resources were also relatively centralized, so it was much easier to keep a lid on things. However, the whole IT landscape has changed today- sensitive data and information, company resources, which are now likely to be spread across data centers, branches, clouds, and mobile devices. Under these conditions, traditional firewall security doesn’t make the cut – there is no longer a clearly defined perimeter.

It is still impossible to defend against every single iteration of a cyber-attack – there is no silver bullet, no one single security solution that fits all. However, it is possible to look at IT security from an alternative angle, seeking to provide a more robust approach to system access. It is fair to say that there is no visible end to threats/vulnerabilities – almost impossible to control. However, system access is something that you can control; you can measure it, quantify it. By concentrating your efforts on system access, you take the driving seat concerning security. This explains the idea behind Zero Trust. It isn’t a single product or solution rather an overarching theme whereby an organization nullifies any threat seeking to gain access to their system. In a Zero Trust environment, effectively, you trust nobody. Indeed, over a decade has elapsed since Forrester described this environment where no system or user is trusted (inside or outside the corporate network) without being positively identified and authorized.

Zero Trust comes at a time where organizations of all shapes and sizes have had to deal with changing working habits. While things like remote working and working from home were already familiar to a minority, COVID came along, and suddenly the majority of us found ourselves working like this. The demand for accessing your organization’s networks from outside of the traditional perimeters probably went through the roof. Suddenly, corporate intellectual property, client information, financial data, and any other company resource needed to be accessible to workers via their smart devices or home laptops. Suddenly your organization is largely operating outside of the traditional centralized network. Great news for cybercriminals who now have a much larger attack surface to consider, an increase in potential entry points, more weak spots. Little wonder then that a Zero Trust approach to security makes all the sense in the world.

Read More:

We have already stated that Zero Trust is no one single product or solution. Achieving Zero Trust involves other technologies such as strong identity management and authentication and a change in processes within the organization. However, as we grapple with a changing work landscape, multi-access networking requirements, new mobile hardware, etc., Zero Trust affords us a secure way forward in such highly dynamic times.

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Is It Time for a VMware Alternative?

Wind River • 22nd May 2025

Companies have options when it comes to replacing VMware as their cloud platform, to address rising costs, support concerns, and a shrinking partner ecosystem. If you are ready to contemplate a different vendor, here are five reasons why Wind River Cloud Platform should be on your short list of VMware alternatives.

AI Leads as VivaTech Unveils Top 100 Startups

Viva Technology • 14th May 2025

Viva Technology has unveiled the first edition of its “Top 100 Rising European Startups for 2025,” spotlighting the most promising young companies shaping Europe’s tech future. Germany, France, and the UK lead the ranking, which highlights high-growth startups across 13 countries. Artificial intelligence dominates the list, with 15 companies spanning AI agents, models, and infrastructure....

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...