How Did We End Up with Zero Trust?

zero trust

Francis O’Haire, Group Technology Director, DataSolutions informs us about Zero trust and the way this has developed over time in businesses.

Technology doesn’t sit still. It has to evolve constantly. It needs to update, to adapt while the landscape all around it seems to change at a seemingly ever-increasing pace. Technology is constantly called upon to deal with challenges, to solve problems. One area of IT that has borne witness to all of this, a subject capable of grabbing the headlines in mainstream media and the more specialized press, is cybersecurity (or the apparent lack of it). Breaches and hacks, bad actors and cyberthieves – not a day seems to go by without another story regarding a well-known company being compromised. Big or small, going after an organization (specifically, its digital assets – data, information) is big business for cybercriminals. Why kidnap a wealthy business person for a ransom when you can do so with a few clicks on a keyboard? Why risk a bullet in a botched hold-up when you could strike gold via a company server?

Today, IT security faces all sorts of challenges, not least of all from a cybercriminal cabal who are collectively able to adapt, outsmart new defenses and make everybody else play catch-up. Hardly surprising then that we have arrived at a way of thinking whose mantra is, ‘trust nobody.’ When your default position is to verify anything and everything that attempts to connect to your IT systems before access is approved, then you have arrived in the world of ‘Zero Trust.’

Once upon a time, firewalls were the darlings of IT security – they protected an organization’s networks from any external threats. While firewalls could offer a reasonable defense against an intruder on the outside trying to gain access to the inside, they relied upon the fact that everyone inside was ‘friendly,’ i.e., if an attacker did gain entry to the inside, then they could pretty much run amok and cause havoc as they pleased. And if you consider that the overwhelming majority of network traffic in a data center is East-West traffic (between internal systems), then that traffic is not getting inspected by any firewall security. In short, nothing is preventing any ‘sideways’ travel from one compromised system/device to a ‘clean’ one.

These fairly straightforward concepts of inside a network vs. outside a network seemed to make sense. People worked in offices with centralized systems and networks, data and resources were also relatively centralized, so it was much easier to keep a lid on things. However, the whole IT landscape has changed today- sensitive data and information, company resources, which are now likely to be spread across data centers, branches, clouds, and mobile devices. Under these conditions, traditional firewall security doesn’t make the cut – there is no longer a clearly defined perimeter.

It is still impossible to defend against every single iteration of a cyber-attack – there is no silver bullet, no one single security solution that fits all. However, it is possible to look at IT security from an alternative angle, seeking to provide a more robust approach to system access. It is fair to say that there is no visible end to threats/vulnerabilities – almost impossible to control. However, system access is something that you can control; you can measure it, quantify it. By concentrating your efforts on system access, you take the driving seat concerning security. This explains the idea behind Zero Trust. It isn’t a single product or solution rather an overarching theme whereby an organization nullifies any threat seeking to gain access to their system. In a Zero Trust environment, effectively, you trust nobody. Indeed, over a decade has elapsed since Forrester described this environment where no system or user is trusted (inside or outside the corporate network) without being positively identified and authorized.

Zero Trust comes at a time where organizations of all shapes and sizes have had to deal with changing working habits. While things like remote working and working from home were already familiar to a minority, COVID came along, and suddenly the majority of us found ourselves working like this. The demand for accessing your organization’s networks from outside of the traditional perimeters probably went through the roof. Suddenly, corporate intellectual property, client information, financial data, and any other company resource needed to be accessible to workers via their smart devices or home laptops. Suddenly your organization is largely operating outside of the traditional centralized network. Great news for cybercriminals who now have a much larger attack surface to consider, an increase in potential entry points, more weak spots. Little wonder then that a Zero Trust approach to security makes all the sense in the world.

Read More:

We have already stated that Zero Trust is no one single product or solution. Achieving Zero Trust involves other technologies such as strong identity management and authentication and a change in processes within the organization. However, as we grapple with a changing work landscape, multi-access networking requirements, new mobile hardware, etc., Zero Trust affords us a secure way forward in such highly dynamic times.

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Why low-code is the best code

TBT Newsroom • 12th June 2022

According to Gartner, over 50 percent of medium-to-large enterprises will adopt low or no-code platforms as part of their overall IT strategy by 2023. Low-code platforms are increasingly popular because they help organizations to deliver capabilities faster, reduce reliance and pressure on the workforce and are simpler to understand.

Classroom management software supporting teachers through flexibility

TBT Newsroom • 11th June 2022

Despite educators’ best efforts, the digital transformation from in-person to online and hybrid learning certainly didn’t go off without a hitch. The sudden onset of the coronavirus pandemic forced schools to scramble to change their systems overnight. While many schools rushed to purchase online education technology tools, few had the foresight to invest in reliable...

The Four Key Steps On Purchasing Cloud Software

TBT Newsroom • 10th June 2022

Following the COVID-19 pandemic, digital transformation efforts have accelerated across the majority of industries with businesses being forced to make alterations to their usual working routines in next to no time. What’s more, remote working made it apparent that legacy systems were no longer up to the task for businesses to operate in an effective...

APIs: What are they and how can we embrace them?

TBT Newsroom • 07th June 2022

Gravitee.io is a leading open-source API platform, enabling worldwide developers and business users to build, manage and monitor their APIs. As a team, we are driven by the purpose of giving customers the ability to manage synchronous and asynchronous APIs securely. We started out as an open-source product and still follow an open-source first ethos...

N-able Introduces Cove Data Protection

Chris Groot • 05th May 2022

N-able, the solutions partner helping IT services providers deliver security, data protection, and remote monitoring and management services, today announced the launch of Cove Data Protection™, the cloud-first data protection-as-a-service (DPaaS) solution that modernizes data protection for business-class backup and disaster recovery.