By Alan Hawkins, General Manager: Cybersecurity and Software
Zero Trust assumes that all digital interactions are hostile and treats them as such. That way you can detect, prevent, isolate and stop network breaches, before they even happen.
The alarming rise in cyber threats, the shift to hybrid work and the ability to bring your device into the work environment, have made cybersecurity an imperative for all organisations.
The World Economic Forum's Centre for Cybersecurity definedzero trust as a “principle-based model designed within a cybersecurity strategy that enforces a data-centric approach to continuously treat everything as an unknown – whether a human or a machine - to ensure trustworthy behaviour”. That’s quite a mouthful.
It means that all users, whether in or outside the organisation’s network, must be continuously validated at every stage of a digital interaction. It also assumes that there is no network edge because the fortress approach to security is failing – networks may be local or in the cloud or both, and workers may be in any location.
Because every user access is immediately treated like a security breach, there has been concern that zero-trust architecture and great user experiences can’t coexist. But our experience has shown that users are unaware of what is happening in the background. In fact, whether you work from home, at the office or at a café you have immediate access to your applications, unlike a VPN where you have to log in.
According to Gartner, 60% of organisations will embrace zero trust as a starting point for security by 2025. The research firm says that as a mindset, replacing implicit trust with identity- and context-based risk appropriate trust – is extremely powerful.
People are the problem
The reason it is such a compelling approach is that human error is still very much the driving force behind an overwhelming majority of cybersecurity problems. A study by Stanford University found that an astounding 88% of data breaches involved human error. Whether as a root cause or as a critical component in a chain of events, somewhere along the line a human being took an action or made a decision that put data at risk. For example, employees open emails they shouldn’t, don’t protect mobile devices, and trust social networks – all risky behaviours and actions.
Implementing zero trust solutions
Forrester's seven pillars of zero trust model comprises users, devices, network, infrastructure, applications, data, visibility and analytics, and orchestration and automation.
We recommend vendors like Check Point, Aruba, Pulse Secure and Sophos. These vendors offer a holistic and practical approach to implementing zero trust based on consolidated security architecture. We believe this is the correct approach because using disparate technologies may result in inherent security gaps and complexities.
Choosing the right team to implement zero trust for your business and budget can be challenging as the different vendors have implemented zero trust network access solutions in their own unique architecture offering. That is why it is important to work with an experienced distributor that can help you to identify your organisation’s specific requirements.
We can assist in assessing your business's cybersecurity needs and provide a solution that meets those needs effectively. Contact us today.