Security Summit: Zero trust approach non-negotiable
COVID-19 catapulted a zero trust approach to cyber security overnight. Today, this approach – based on explicit verification, continuous inspection of the network and a healthy paranoia around the potential for cyber attacks – is front-of-mind for business leaders and governments.
So said Fady Younes, cyber security director – Middle East & Africa, Global Security Sales Operations, Cisco, in his keynote address at the ITWeb Security Summit 2021.
Zero trust has been the subject of discussion within the cyber security industry for many years, he said, but now it is considered central to meeting a critical need: simple end-to-end visibility of the network from a central platform and proactive monitoring of the network.
According to Younes, several principles define zero trust, including the explicit verification of users, devices, network devices and workload apps; the use of least privilege access (minimum level of access granted in order to complete tasks and operate effectively); and “a healthy level of paranoia” around the possibility of a breach or cyber attack.
The outbreak of the pandemic meant that businesses had to facilitate a distributed workforce and remote connectivity from multiple trusted and unknown devices almost instantly.
“It accelerated digital transformation and the changes to our business. Digital transformation is positive when it comes to moving the business forward. The explosion of devices, the transition to the multi-cloud and distributed workforce… all of these have contributed to the agility, flexibility and speed at which business can move. But digital transformation is also a double-edged sword,” said Younes.
This transformation has increased pressure on cyber security professionals and growth in adoption of zero trust.
To illustrate this, Younes referred to an executive order by US president Joe Biden in May this year for zero trust and mandatory encryption of government communication. This is likely to be picked up and followed by governments globally, Younes added.
Industry assumption bad actors will breach the perimeter of the firewall... it is time for workload protection and Zero Trust said Younes.
There is agreement in the cyber security industry that the perimeter firewall is not sufficient amid increasingly sophisticated threats, he said. In order to protect the pillars of zero trust – the workplace, workforce and work tools – visibility is a must, as is the application of micro-segmentation. team work among all stakeholders
“Zero Trust is a journey and it will keep on evolving. We all realise that that new norm or new way wasn’t a transition, this is the new reality. We accordingly now, in phase three, need to prepare solid architecture for the new hybrid environment.”