Most organisations across industries know, in 2023, that Zero Trust is a key approach to establishing security resilience.
Research by Gartner found that over 60% of organisations will launch a Zero Trust project by 2025. But more than half will fail to implement Zero Trust effectively – so they won’t get to see the benefits.
At #BHMEA22 Lothar Renner (Managing Director, Security, at Cisco EMEA) explained why Zero Trust is a crucial framework for mitigating risk in an ever-growing threat landscape. And he shared five points to help organisations establish Zero Trust initiatives with the potential for success.
Zero Trust as a complete approach
Renner noted that the geopolitical crises faced in regions around the world over the last few years have increased the number of cyberattacks occurring, and that’s happening alongside rapid digitisation of business operations as a result of the COVID-19 pandemic.
This means that what is required to secure your organisation, your country, your employees, your data and your infrastructure has “significantly changed.” Classical security solutions that are built around the understanding that an organisation has a defined parameter are no longer fit for purpose.
So how do you protect your organisation?
“My opinion is the only way to do that is with a complete approach – and that approach is called Zero Trust. You do not trust from the beginning.”
Not all organisations are comfortable with the idea of no trust, because it goes against their existing company culture. But establishing a Zero Trust framework is essential – “You don’t trust anyone until they have been authenticated. Every time.”
The three central principles of Zero Trust are:
- Never assume trust.
- Always verify.
- When you grant access, grant the least privileged access possible.
Instead of being a security solution you can buy from a vendor, “Zero Trust is a principle, an architecture, a framework.” And it expands around the entire organisation – from on-premises networks to the cloud; the user to their devices; and data in every location where it’s stored or accessed.
How to increase your chances of success
Renner noted that he often sees companies that work to tighten their security, only to find that it diminishes the user experience (UX). “In many cases, it happened that the security has improved but the user experience and productivity has declined. If security is giving you a hurdle, a burden, so you cannot do your work – what do you try to do? You try to get around it.”
He pointed out that this has been confirmed by a study in which one fifth of the workforce surveyed breached their company’s security rules on a weekly basis.
So how can you increase the likelihood that your Zero Trust project will be successful?
- Adopt a team approach. Get everyone involved, and ensure everyone’s playing together.
- Executive sponsorship. Zero Trust isn’t just a cybersecurity approach – it’s a whole culture approach. Sometimes it requires a shift in broader company culture, and this has to be supported by the people at the top.
- Pilot to prove. Show everyone in your organisation that the UX can still be good, even with a high level of security.
- Create demand for Zero Trust. When you see it working successfully in your organisation, you’re more likely to push for it to continue.
- Communicate the benefits. Make sure everyone understands why you’re implementing a Zero Trust framework and show them how it will benefit them.
“Zero trust is not a buzzword that will go away,” Renner said. It’s a discipline that enables organisations to better protect their information and their people. And it requires consistency, organisation-wide dedication, and ongoing communication.
P.S. - Mark your calendars for the return of Black Hat MEA in November 2024. Want to be a part of the action? Register now!