Prior to 2020, “the technology industry has long assumed that it would eventually get rid of the concept of implicit digital trust,” Emil Sayegh writes, pointing out that this got completely flipped this year as digital transformation was forced on a new route due to the surge in remote working. He calls it the year of ‘Zero trust’.
Why is this? Because organizations have had to rethink their security concerns with so many employees working from home. “Remote work IT capabilities changed the perimeters of traditional security, as well as its threat, Sayergh says, and adds that there is mounting evidence “that since this big shift, cybersecurity threats and threat vectors have increased 400% from pre-Covid times.”
Cybercriminals were quick to catch on to the fact that there were bound to be places that were easy to breach, plus they have updated their methods of attack to exploit fears by using more ransomware and targeted malware on organizations. What this tells us that there is a critical need to deal with their threats in a more efficient and intelligent way.
Every day is ‘Day Zero’
A ‘Day Zero’’ is the day that any cyber threat is unleashed, and in “a Zero Trust world, every day is assumed to be a potential ‘day zero’,” Sayergh says. The position to take from an IT perspective is one of overarching ‘mistrust’ and continuous vigilance over “who accesses what at every level possible.” As Sayergh remarks, every time a network is accessed it should be treated as ‘stranger danger’. Therefore all access should be “fully authenticated, authorized, and encrypted before any access can happen.” Ultimately, Zero Trust operates on the basis of a “hermetically sealed security” that also “empowers employees to work securely and efficiently, wherever they may be operating.”
As organizations now work on implementing Zero Trust, security capabilities are increasing. It also applies to cybersecurity strategies, and “leverages tools such as multi-factor authentication and active session-based risk detection to produce higher levels of security.”
In effect, Zero Trust has been akin to the cavalry riding into 2020. As Sayergh concludes: “By controlling access to specific applications, systems, and resources combined with an assumption of the continual breach, Zero Trust is positioned to enable a seamless move to greater security for all.”