In today’s decentralized world, organizations are turning to Zero Trust security to help them in securing workers and applications wherever they are located. Our latest whitepaper outlines what Zero Trust is and the steps organizations should take to adopt the approach.
There is an urgent need to overhaul traditional perimeter-based security. More and more people, data, applications and devices are outside the traditional corporate network, but we still want access. In fact, nearly half (48%) of employees work remotely at least some of the time in the post‑pandemic world, compared with 30% before. And an increasing use of the Internet of Things (IoT) has thousands of devices connected and sharing data from many different locations.
In addition, attackers are becoming more sophisticated and prolific. In 2021, ransomware alone affected 37% of global organizations, and was the most prevailing cyber threat according to Orange Cyberdefense’s Security Navigator 2022.
Strategic business decisions, such as new business models, opening new channels, mergers and acquisitions, or using new suppliers to circumvent supply chain issues, are adding complexity. They introduce new systems that need to be integrated and new users wanting access to data and applications. The interconnected nature of business means secure collaboration with external partners has become vital.
How should companies adapt to this? How do they check who has access to data and where that data is being stored at any given moment? How, ultimately, can enterprises prevent compromises of critical business information? Virtual private networks (VPN) have long been the answer, but they can’t cope well with cloud-based applications, integrate third parties effectively or handle exponential IoT growth.
Zero Trust has momentum
An increasingly popular alternative is Zero Trust. A recent survey found that 32% of respondents named Zero Trust as an area that their organizations need to address to improve security in the wake of COVID‑19.
Gartner defines Zero Trust as “an approach where implicit trust is removed from all computing infrastructure”. It is underpinned by three basic concepts:
Importantly Zero Trust is not a “technology” solution per se. It is more of a mindset shift away from thinking of the security of fixed lines of defense towards a state of continual verification, but one that doesn’t hamper the user experience.
A journey not a destination
Furthermore, taking a Zero Trust approach is a journey, not a destination. The nature of threats today is that they are always changing and seeking out new opportunities. As such, an effective defense needs to have the same capabilities – constantly evolving, constantly monitoring, and adapting. To get to that point requires a phased approach.
First, start moving your organization to a risk-based security strategy. Define what needs protecting, based on how the organization would be affected by a successful attack. This needs to be focused to allow clear use cases to be defined, which will inform the Zero Trust roadmap. Second, design a strategy to meet these needs and identify the solutions and technologies to support it.
And finally, implement and test the strategy, creating a feedback loop which will allow the approach to be adjusted in a cycle of continuous improvement. As well verifying the effectiveness of existing security, this process also means that new threats can be identified, and countermeasures incorporated seamlessly.
Ultimately, every Zero Trust journey will be different, but there are core principles that run through every Zero Trust strategy. What matters is taking the step from theory to reality.
Make no mistake, this is a transformation of a legacy setting to one fit for the decentralized, digital era. That encompasses technology, of course, but people and processes too. But in many ways, this makes Zero Trust more achievable – it is not simply a case of adding a new solution, but a true transformation that fundamentally alters how every part of the organization approaches security.
As with any change, it is challenging and complex. Working with an experienced partner can help. That doesn’t mean necessarily adding more vendors to an already overloaded security stack, but engaging advisors who can assess the current situation, identify where your enterprise is in the Zero Trust framework and suggest next steps.
To find out more about Zero Trust and Orange Cyberdefense’s approach, please download the whitepaper. It outlines a framework that will allow businesses to benchmark their Zero Trust maturity, OCD’s five-step intelligence-led adoption methodology, details the logical components of a solution, and a checklist to guide the Zero Trust journey.