Why zero-trust is the only way to secure the enterprise

The way we work and operate is changing rapidly

Fuelled by digitalisation, and accelerated by a global crisis, the transformation of all parts of business is bringing new ways of working, more efficient operations, new business models and increased opportunities to innovate to organisations of all sizes.

Yet within those benefits, threats await. As organisations increase their digital dependency, so too do they expose greater parts of their operations to cyber assaults. One study found that hackers attack every 39 seconds, showing the constant barrage internet-connected devices are under. Little wonder then that another report predicts that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.

The problem is many organisations have yet to transform their approaches to security. They are hoping that static, analogue defences will work against agile digital attacks. If they are to avoid falling victim to ever more sophisticated threats, they need to find a new way of securing the applications, data, services, networks, and clouds that make up digital businesses.

From business first to employee first

In the old days, IT security focused on ring-fencing the business and protecting it from external threats. Firewalls would keep data and applications secure. When everything lived in a handful of centralised points, such as physical data centres, that was fine.

Now, however, applications and data need to move around; they need to operate in the environments that work best for them. That might mean a public cloud-based front-end connected to an on-premises database; it could be sharing information via easy-to-use, consumer-grade collaboration tools.

This renders firewalls and other fixed-line defences redundant. Yet enterprises continue to think that putting the organisation, and its processes, at the centre of these defences is the best approach.
Put simply, it is not. The biggest threat to corporate security is its users – according to IBM research, 95% of all corporate security incidents involve human error. Usually, this is as much through a lack of education and understanding of what good cyber hygiene or security practices are as through malicious intent.

However, this has now been compounded by a majority of workers working remotely, away from centralised offices, as a result of the recent pandemic crisis. Finding out who opened what email, or clicked on the wrong link, becomes much harder when everyone is sat at home.

On top of that, they could well be using devices they themselves have supplied, and services that are easy to access and use, but sit outside IT governance and compliance.

To protect all that with firewalls simply is not possible. What is more, it would stifle the agility and flexibility they need to continue to operate.

Deploying zero trust – from external to internal

The focus of security needs to evolve – from just looking outwards, to considering the internal vulnerabilities, the human factor. That is why a zero-trust approach is critical. It puts users at the centre of security, regardless of where they actually are.

It does this through a simple principle – do not trust anyone, no matter what devices they are using, whether they are on the corporate network or not.

This requires combining policies and technologies. For the former, that requires defining who should have access to files and documents and classifying that information with different confidentiality levels. The latter includes multifactor authentication, orchestration, encryption, scoring and file system permissions. Through this, enterprises can protect mission-critical and commercially sensitive data while still allowing access and supporting employees to do their roles, in a manner which best suits the user.

It also prepares enterprises for the post-pandemic world. Even as the world eases out of lockdown, it is unlikely to rush back to near-total office working. Having a way to secure newly decentralised workforces, without hampering their abilities (and therefore driving them to deploy Shadow IT solutions), is critical – that is why zero trust will be the de facto approach to securing corporate assets.

The zero-trust enterprise – secure and agile

Businesses that want to thrive have to be digitised. It is the only way they can successfully operate in a world of lockdowns, social distancing, and decentralised working. That means, however, that every aspect of their organisation, including security, needs to be fit for purpose in the digital era. They simply cannot protect digital assets with analogue defences.

Zero trust is security for the digital business. It is the only way enterprises can enable remote and more agile ways of working, keeping employees operational, while still protecting both users and corporate data. Without it, organisations are leaving themselves open to crippling attacks and breaches; with it, they are operationally fit for purpose.

About the Author

FRANCOIS RODRIGUEZ – Francois Rodriguez is Chief Growth Officer at Adeya. François Rodriguez is a digital business transformation leader with a track record in formulating and executing growth strategies across global markets. He has over 20 years’ marketing experience across several verticals. François has marketing and management degrees from universities in Switzerland and the UK. Find out more: https://adeya.ch