How Did We End Up with Zero Trust?

zero trust

Francis O’Haire, Group Technology Director, DataSolutions informs us about Zero trust and the way this has developed over time in businesses.

Technology doesn’t sit still. It has to evolve constantly. It needs to update, to adapt while the landscape all around it seems to change at a seemingly ever-increasing pace. Technology is constantly called upon to deal with challenges, to solve problems. One area of IT that has borne witness to all of this, a subject capable of grabbing the headlines in mainstream media and the more specialized press, is cybersecurity (or the apparent lack of it). Breaches and hacks, bad actors and cyberthieves – not a day seems to go by without another story regarding a well-known company being compromised. Big or small, going after an organization (specifically, its digital assets – data, information) is big business for cybercriminals. Why kidnap a wealthy business person for a ransom when you can do so with a few clicks on a keyboard? Why risk a bullet in a botched hold-up when you could strike gold via a company server?

Today, IT security faces all sorts of challenges, not least of all from a cybercriminal cabal who are collectively able to adapt, outsmart new defenses and make everybody else play catch-up. Hardly surprising then that we have arrived at a way of thinking whose mantra is, ‘trust nobody.’ When your default position is to verify anything and everything that attempts to connect to your IT systems before access is approved, then you have arrived in the world of ‘Zero Trust.’

Once upon a time, firewalls were the darlings of IT security – they protected an organization’s networks from any external threats. While firewalls could offer a reasonable defense against an intruder on the outside trying to gain access to the inside, they relied upon the fact that everyone inside was ‘friendly,’ i.e., if an attacker did gain entry to the inside, then they could pretty much run amok and cause havoc as they pleased. And if you consider that the overwhelming majority of network traffic in a data center is East-West traffic (between internal systems), then that traffic is not getting inspected by any firewall security. In short, nothing is preventing any ‘sideways’ travel from one compromised system/device to a ‘clean’ one.

These fairly straightforward concepts of inside a network vs. outside a network seemed to make sense. People worked in offices with centralized systems and networks, data and resources were also relatively centralized, so it was much easier to keep a lid on things. However, the whole IT landscape has changed today- sensitive data and information, company resources, which are now likely to be spread across data centers, branches, clouds, and mobile devices. Under these conditions, traditional firewall security doesn’t make the cut – there is no longer a clearly defined perimeter.

It is still impossible to defend against every single iteration of a cyber-attack – there is no silver bullet, no one single security solution that fits all. However, it is possible to look at IT security from an alternative angle, seeking to provide a more robust approach to system access. It is fair to say that there is no visible end to threats/vulnerabilities – almost impossible to control. However, system access is something that you can control; you can measure it, quantify it. By concentrating your efforts on system access, you take the driving seat concerning security. This explains the idea behind Zero Trust. It isn’t a single product or solution rather an overarching theme whereby an organization nullifies any threat seeking to gain access to their system. In a Zero Trust environment, effectively, you trust nobody. Indeed, over a decade has elapsed since Forrester described this environment where no system or user is trusted (inside or outside the corporate network) without being positively identified and authorized.

Zero Trust comes at a time where organizations of all shapes and sizes have had to deal with changing working habits. While things like remote working and working from home were already familiar to a minority, COVID came along, and suddenly the majority of us found ourselves working like this. The demand for accessing your organization’s networks from outside of the traditional perimeters probably went through the roof. Suddenly, corporate intellectual property, client information, financial data, and any other company resource needed to be accessible to workers via their smart devices or home laptops. Suddenly your organization is largely operating outside of the traditional centralized network. Great news for cybercriminals who now have a much larger attack surface to consider, an increase in potential entry points, more weak spots. Little wonder then that a Zero Trust approach to security makes all the sense in the world.

Read More:

We have already stated that Zero Trust is no one single product or solution. Achieving Zero Trust involves other technologies such as strong identity management and authentication and a change in processes within the organization. However, as we grapple with a changing work landscape, multi-access networking requirements, new mobile hardware, etc., Zero Trust affords us a secure way forward in such highly dynamic times.

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...

The need to clean data for effective insight

David Sheldrake • 05th March 2025

There is more data today than ever before. In fact, the total amount of data created, captured, copied, and consumed globally has now reached an incredible 149 zettabytes. The growth of the big mountain is not expected to slow down, either, with it expected to reach almost 400 zettabytes within the next three years. Whilst...

What can be done to democratize VDI?

Dennis Damen • 05th March 2025

Virtual Desktop Infrastructure (VDI) offers businesses enhanced security, scalability, and compliance, yet it remains a niche technology. One of the biggest barriers to widespread adoption is a severe talent gap. Many IT professionals lack hands-on VDI experience, as their careers begin with physical machines and increasingly shift toward cloud-based services. This shortage has created a...

Tech and Business Outlook: US Confident, European Sentiment Mixed

Viva Technology • 11th February 2025

The VivaTech Confidence Barometer, now in its second edition, reveals strong confidence among tech executives regarding the impact of emerging technologies on business competitiveness, particularly AI, which is expected to have the most significant impact in the near future. Surveying tech leaders from Europe and North America, 81% recognize their companies as competitive internationally, with...