New cyber threat landscape spurs shift to zero trust security paradigm

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Adrian McDonald, President, Europe, Middle East and Africa (EMEA), Dell Technologies

• The world is interconnected like never before but as this digital connectivity expands, so does our vulnerability to cyber attacks.
• Addressing this increased risks requires a new approach to data security and that is the zero trust model of cybersecurity.
• Taking a zero trust approach will help protect data and enable organizations to realize the potential of digital transformation.

Our everyday life is digitally reliant and interconnected like never before. However, as our digital connectivity expands, so too does our vulnerability and exposure to malicious cyber-attacks.

Tech-driven trends that empower, enable and influence how we communicate, work and learn are driving immense business and public service opportunity, whilst triggering significant digital challenges across today’s cyber landscape. Addressing these risks requires a new approach to data security – enter zero trust.

Discover

What is the World Economic Forum doing on cybersecurity?

The World Economic Forum’s Centre for Cybersecurity drives global action to address systemic cybersecurity challenges and improve digital trust. It is an independent and impartial platform fostering collaboration on cybersecurity in the public and private sectors.

• Salesforce, Fortinet and the Global Cyber Alliance, in partnership with the Forum, are delivering free and globally accessible training to a new generation of cybersecurity experts.
• The Forum, in collaboration with the University of Oxford – Oxford Martin School, Palo Alto Networks, Mastercard, KPMG, Europol, European Network and Information Security Agency, and the US National Institute of Standards and Technology, is identifying future global risks from next-generation technology.
• The Forum has improved cyber resilience in aviation while working with Deloitte and more than 50 other companies and international organizations.
• The Forum is bringing together leaders from more than 50 businesses, governments, civil society and academia to develop a clear and coherent cybersecurity vision for the electricity industry.
• The Council on the Connected World agreed on IoT security requirements for consumer-facing devices to protect them from cybers threats, calling on the world’s biggest manufacturers and vendors to take action for better IoT security.
• The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace, which aims to ensure global digital peace and security.

Contact us for more information on how to get involved.

Zero trust is a cybersecurity model that shifts how organizations approach security from reliance solely on perimeter defences to a proactive strategy that allows only known good activity across ecosystems and data pipelines.

Adopting this new approach will help increase trust in digital services, protect data and enable organizations to realize the huge potential of digital transformation.

Never trust, always verify

A paradigm shift in IT security, zero trust is a definitive departure from traditional security protocols which are no longer suited to the world we live in, how we work, and how we access online services.

Increasingly, the old cybersecurity standard of ‘trust first, verify later’ is being scrapped and replaced with a counterintuitive concept of ‘never trust, always verify’.

Since Forrester’s John Kindervag first coined the term zero trust, the model’s guiding principle has been to “deny access to applications and data by default”.

Now more than ever, enterprises and organizations benefit from the continuous verification requirement that repeatedly checks identities of every person or device before allowing access to digital assets.

Zero trust is a “data-centric approach that continuously treats everything as an unknown”, explains the World Economic Forum’s Centre for Cybersecurity, “whether a human or a machine – to ensure trustworthy behaviour”.

Building momentum for a ‘no trust’ model

Momentum is building for acceptance of the no trust model, due largely to rising security threats from without and within. And more than that, pressure is mounting to comply with international regulatory demands, as seen in Europe and the US, among the first government agencies and critical infrastructure providers now mandating the adoption of Zero Trust Architecture (ZTA) by 2024.

Whatever the incentive, once implemented, ZTA can expand an organization’s alignment of cybersecurity strategy across environments – both in the cloud and at the edge – ensuring networks of the future are cybersecurity ready.

The benefits of a zero trust implementation are realized in:

• Greater control over access
• Authorization to applications and sensitive data
• Reduced IT complexity
• Delivery of secure, predictable results for all users
• Secures 5g built outside the protection of a service provider enabling of all 5G benefits
• Enhanced cloud-based security

The advent of revolutionary 5G technology with advances in speed and connectivity promises seismic improvements in vital, quality-of-life sectors like healthcare, notably medical research, and treatment. However, greater capacity also brings wider vulnerability.

Unleashing the full potential of 5G while protecting its networks against attack will require major investment in zero trust security infrastructures.

Once implemented, zero trust will likely be the defining factor in scalability, security and sustainability of 5G and its supporting multi-cloud networks.

Zero trust journey to the cloud

Similarly, organizations moving digital assets to the cloud also face heightened security risks. Default cloud security controls may be ineffective at preventing cyber-attacks, as the Elastic Threat Report suggests,and users overestimate the security of their cloud deployments.

By incorporating a zero trust platform in the fundamental design of the new cloud infrastructure, the journey to cloud-delivered solutions can realize:

• Secure access from any user or device, regardless of location
• Reduced complexity of IT network-security architectures
• Optimized IT resources to focus on priorities
• Simplified user experience with single sign-on (SSO) and password tools
• Expedited, seamless access to applications for hybrid workers

Targeted industries seeking security gap solutions

Without the zero trust paradigm, industries with vital services that become more open and globalized are gambling with their data protection.

The majority of IT leaders question the adequacy of current cyber systems to bridge security gaps, according to the recently published 2022 Dell Technologies Global Data Protection Index:

• 76% say data protection solutions are lacking for newer technologies like cloud, edge, and the internet of things
• 69% expect a disruptive event to occur in the next 12 months
• 86% have already experienced a disruption in the last year

In the last 36 months, Skybox Security found, the most-targeted industry of manufacturing faced 61% of operational technology cyber attacks; the oil and gas industry accounted for 11% of attacks.

These and other critical industry sectors, including fintech, are increasingly looking to zero trust for new digital security solutions.

The path forward – disrupting the disruptors

Disruptions by cyber threat actors will no doubt increase. Whether challenges are sophisticated cyberattack schemes, geopolitical tensions, or supply chain vulnerabilities, a more effective approach is needed to confront present day digital challenges.

Companies and governments entering the new frontier of zero trust will not find a one-size-fits-all solution. The new architecture requires a multi-layered approach tailored to the security needs of each organization.

“

There is no neutral IT decision with respect to risk. It’s not about security outside of the IT decision, it’s about security that is intrinsic and tied to every IT decision, every vendor selection, every architectural decision. ”— John Roese, Global Chief Technology Officer, Dell Technologies

It’s time to embrace the zero trust paradigm. Organizations of all sizes should engage with trusted public-private sector partners to place zero trust at the heart of the digital infrastructures we build today for healthcare, education, energy, communication and more.

By mandating its inclusion, governments are leading the way – it’s important that industries, sectors and communities now seek to move in the same direction to meet generation-defining digital challenges.