3 minute read
Zero-Trust is Easier Said Than Done
How has the Zero Trust Network Architecture evolved since it was first coined in 2010?
Zero Trust Network Architecture has been evolving since its inception in 2010 to include the latest technologies, best practices, and recommended cybersecurity frameworks. Initially, it was built on the principle of not trusting any user or device trying to connect to the network, or trying to access applications and data, unless such users and devices are being verified and have the right privileges of access and authorisation.
Advertisement
Do you believe that technologies that support zero trust are moving into the mainstream?
No doubt that technologies that enable Zero Trust are gaining wider adoption and interest. As more organizations are adopting work-from-home business models and embracing cloud-based services (SaaS/IaaS/PaaS), the need for secure access to sensitive data and resources has become increasingly critical.
As a result, there is growing interested in implementing Zero Trust principles and related technologies, such as Data Protection, Identity and Access Management solutions, Visibility, Network Segmentation, Multi-factor authentication, and more. We will increasingly start hearing more about AI-based technologies being integrated with or within the Zero-Trust model.
At the same time, traditional Workfrom-Office organizations, continue to improve their cybersecurity posture and protect against evolving threats with Zero Trust. In other words, the Zero-Trust model is suited for both traditional as well as modern networks.
Do you believe that enterprise IT departments today require a new way of thinking because the castle itself no longer exists in isolation as it once did?
The changing nature of IT and business services, and the technologies that empower such services, would mean that organizations must continuously re-evaluate and assess new ways of architectures and practices to address evolving security threats.
Zero-Trust is not a set-in-stone model or a network architecture. It can evolve to address new challenges and threats, such as AI adoption by malicious activities. In other words, organisations should consider leveraging AI and Machine Learning (ML) to detect and respond to threats in real-time, and they should continuously update their security protocols to stay ahead of emerging threats. Regular employee training and awareness programs can also help mitigate risks, which is often a leading cause of security breaches for now.
How can companies get started with zero trust?
First, you need to have the buy-in from all the C-levels of the organization, led by a CIO or CISO’s conviction. Second, acquiring the right skill sets, whether with training and/or hiring is at the top of the list as an action item. Third, organizations should identify their critical assets and determine who needs access to them, from where, and when.
Fourth, you need to identify the technologies and potential vendors you would require, by inviting relevant manufacturers and solution integrators for discussions and demos. Fifth, is budgeting. This is where you need to determine the budget based on the potential risks that you could have, and then prioritize it. And lastly, implementing the technologies and utilising them to their maximum potential.
Overall, companies should take a holistic and planned approach to Zero Trust, integrating it throughout their entire IT infrastructure and organization.
Industry experts have warned that cyber-attacks will be focused on techniques that zero trust controls can’t mitigate. What according to you can be done to address this?
Today AI can be leveraged by malicious activities, and it might be an advantage to bad actors on one hand. Yet on the other hand, the Zero Trust model should evolve so that the existing AI and machine learning technologies learn to identify and mitigate security risks. By analyzing data from various sources and detecting anomalous behavior, AI-powered security tools can help organizations prevent attacks before they occur.
However, with potentially having AI on the offensive side of the threat versus AI on the defensive side of the organization, adopting such a new approach requires a fundamental shift in mindset and a commitment to integrating the latest cybersecurity and practices throughout all aspects of the IT infrastructure, from the network to applications, users, and devices.
With AI, the volume and destruction of cyber-attacks will be extreme to unprecedented or even unimaged levels, disrupting human lives and putting nations into chaos. Zero-Trust would then need to further evolve, to alleviate the damage that AI can bring when leveraged by malicious activities.
