Accept nothing less. Zero Trust Security

With cyber threat levels at epidemic proportions and the battle between IT leaders and criminals becoming ever more challenging, one thing is for certain – the clear and present danger is here to stay! And regardless of where a company is on their transformational journey, protecting systems and data has to be a top priority.

Time to get serious as the Cybersecurity ‘Arms Race’ ramps up.

Against this backdrop, the term ‘Zero Trust’ has emerged, and it seems to be everywhere at the moment. And whilst many will think they’ve seen and heard it all before, there are crucial factors and benefits to adopting such an approach.

On one hand the emergence of Zero Trust is due to outdated and weak security policies that assumed everything was adequately protected, and on the other it’s due to the speed of transformation and business growth in many sectors, as we begin to accept that hybrid working is here to stay.

Of course, there are moves afoot to encourage workers back into the office, but a recent Gartner survey revealed that 82% of company leaders plan to allow employees to work remotely some of the time.

Regardless of how much work is done remotely in the future, the adoption of a strategy that trusts no individual user or device should be high on the agenda – and it’s smart practice to assume that everyone and everything could be compromised.

Incorporating secure remote working into operational business plans has therefore become a priority, with many realising that their current levels of protection are not adequate for permanent hybrid working practices.

For many employees nowadays, work has become an activity – not a place, and to attract top talent, businesses need to provide the right working environment along with rigorous protection for both employees and the organisation. Business leaders are well aware that security breaches regularly bring companies to their knees, and for this reason security is now firmly established on the board room agenda.

Digital transformation and modern, agile workforces demand access to systems at any time, and on any device. The traditional network edge has disappeared and most enterprises now have a combination of local and cloud-based applications, with dispersed resources and employees in many different geographical locations.

Cybercrime continues to become ever more sophisticated, and levels of security must be reviewed and improved on an on-going basis – traditional username and password authentication practices, that grant automatic access to systems and sensitive data, are no longer enough.

So, enter stage left ‘Zero Trust’ … a security framework that requires all users, whether inside or outside the network, to be multi-factor authenticated, authorised, and continuously validated for security configuration and posture – before and during monitored use of systems, applications and data.

Even though devices are within the internal or trusted side of a firewall or VPN, they should not be automatically trusted by default. Rigour must be built into digital transactions thorough context and posture assessment, combined with on-going monitoring of activity across the infrastructure to ensure only clean devices and accepted behaviours are granted access to resources.

At its core, Zero Trust has the ethos of ‘never trust, always verify’ – and such enhanced security combined with dynamic threat protection of the entire attack surface area should be built into IT strategy and investment plans.

If you’d like an initial conversation with one of our security or cloud experts about ways to improve both security and operational performance, please contact us on sales@vcg.group.