Why every company needs to implement Zero Trust

26th August 2021
Tom is a Solution Architect at Menlo Security for the EMEA region, a leader in cloud security. In this role, he works closely with customers to meet their technical requirements and architects web and email isolation deployments for organisations across different industries. Coming from a varied background in cyber, Tom provides expert cybersecurity advice and strategic guidance. Prior to Menlo Security, Tom worked for LogRhythm and Varonis.
Thanks to the new pandemic-induced normal, the world of work has become increasingly defined by connectivity and digitalisation, and within this context, traditional ‘detect and prevent’ security solutions are no longer effective. Here, Tom McVey at Menlo Security discusses the importance of Zero Trust – what it means, why businesses should be considering it, and how it can be achieved with the use of isolation technology.

The modern day can be daunting for companies when it comes to cybersecurity.

Attacks are advancing both in volume and sophistication, CyberEdge’s 2021 Cyberthreat Defense Report revealing that 86 per cent of organisations had a successful cyber attack landed on them by the beginning of 2021 – up from the 62 per cent of organisations that were hit in 2014. 

Indeed, much of this increase has stemmed from the outcomes and impacts of the COVID-19 pandemic, with the world of work in the new normal having become highly connected, and highly digitised. 

Gartner asserts that the increasing adoption of cloud applications and a more mobile workforce have made the browser the most important productivity tool in the business. Yet, given the current threat landscape, this presents a real challenge.

What is a User Journey
Trending
What is a User Journey

Where companies are moving to the cloud and readily adopting SaaS solutions, they are beginning to experience attacks outside of the safety of their corporate network. Firms have moved from having an easily defensible, centralised perimeter to going directly to the Internet, bypassing network security and exposing a series of new vulnerabilities.

As digital footprints continue to expand, the risk of harm to companies, employees and customers is also ballooning. Unfortunately, however, much of the security industry continues to rely upon the same old outdated approach of ‘detect and prevent’.

Simply put, detect and prevent will never stop 100 per cent of threats as there will always be false negatives in a system that ultimately works by making educated guesses. 

Verizon reveals that in 2018 there were 41,686 reported security incidents and 2,013 confirmed cybersecurity breaches, with 68 per cent of these taking months or even longer to detect. 

This is worrying. It shines a spotlight on the fact that the two primary defence methods used by companies today – blocking an attack, and then detecting a breach once it has occurred – are failing and struggling to keep up with attackers’ level of sophistication. 

Enter Zero Trust

It is clear that current approaches are simply not equipped to deal with modern threats, and that for many organisations a rethink is required to be properly protected in today’s environment.

So, what is the solution? Where can enterprises turn in their hour of need?

Regarded as one of the best ways that safe email and web access can be achieved, Zero Trust is a principle that allows IT and security teams to overcome the ingenuity of even the most malicious hackers and attackers.

Traditional security models operate on the outdated assumption that everything inside an organisation’s network should be trusted. Under this broken trust model, it is assumed that a user’s identity is not compromised and that all users act responsibly and can be trusted.

Indeed, many of the most damaging cyberattacks of the past 12 months, such as the SolarWinds breach, were allowed to happen because of the simple fact that once hackers gained access inside corporate firewalls, they were then able to move laterally through internal systems, access and exfiltrate data, elevate privileges, and importantly, without any meaningful resistance.

Zero Trust addresses this issue, leading the shift away from legacy ‘castle and moat’ solutions and removing many of the issues associated with detection-based security technologies. 

It takes a default ‘deny’ approach to security that is rooted in the principle of continual verification. It recognises trust as a vulnerability and therefore commands that all traffic – including emails, websites, videos, or other documents that originate from either inside or outside an organisation – should be verified.

Indeed, three key principles are typical of Zero Trust.

  • First is the idea of verification as previously discussed, entailing the continuous authentication of all available data points. 
  • Second, companies must work to incorporate a policy of ‘least privilege’, limiting user access to just the specific applications and areas of a company network that they need to do their job effectively. Indeed, this does not just secure data, but it also helps to enhance productivity.
  • Third, an organisation must always assume that a breach is imminent. In doing so, security becomes a priority in all of its decision-making, and can be continually bolstered with the use of other tactics.
Achieving Zero Trust with isolation

One way in which Zero Trust can be achieved in the truest sense is using isolation technology.

Isolation is a completely new way of thinking about security with a Zero Trust first mindset. It completely removes the opportunity for any attackers to gain a foothold in the working environment, quite literally barring malicious payloads from their target endpoints.

With isolation, the browsing process is moved from the desktop to the cloud, creating something of a digital ‘air gap’ between the Internet and the endpoint. All content is cleaned and safely rendered from the cloud browser so that when employees go to conduct typical daily tasks, such as interacting with emails and browsing the Internet, there is complete peace of mind. 

All email and web traffic moves through this isolation layer, where the content is visible but never downloaded to the endpoint. At the same time, the user experience is identical to the one on the desktop with no impact on performance or interruption in workflow. 

READ MORE:

In this sense, isolation based Zero Trust does not leave anything to chance. Unlike other ‘almost safe’ technologies, it can stop cyber attacks and threat actors in their path 100 per cent of the time. 

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

We think you'll like:

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...

The need to clean data for effective insight

David Sheldrake • 05th March 2025

There is more data today than ever before. In fact, the total amount of data created, captured, copied, and consumed globally has now reached an incredible 149 zettabytes. The growth of the big mountain is not expected to slow down, either, with it expected to reach almost 400 zettabytes within the next three years. Whilst...

What can be done to democratize VDI?

Dennis Damen • 05th March 2025

Virtual Desktop Infrastructure (VDI) offers businesses enhanced security, scalability, and compliance, yet it remains a niche technology. One of the biggest barriers to widespread adoption is a severe talent gap. Many IT professionals lack hands-on VDI experience, as their careers begin with physical machines and increasingly shift toward cloud-based services. This shortage has created a...

Tech and Business Outlook: US Confident, European Sentiment Mixed

Viva Technology • 11th February 2025

The VivaTech Confidence Barometer, now in its second edition, reveals strong confidence among tech executives regarding the impact of emerging technologies on business competitiveness, particularly AI, which is expected to have the most significant impact in the near future. Surveying tech leaders from Europe and North America, 81% recognize their companies as competitive internationally, with...