In high security environments, like government agencies, the words ‘access denied’ can actually be a good thing.
Zero trust almost sounds counter intuitive. For so long, organizations have focused on reducing barriers for information sharing to facilitate the free flow of information and ideas across silos and be as open and collaborative as possible. As a result, employees have been provided with broad powers to access information and insights from all available systems. But with this openness has come a host of new and continually emerging security risks – risks that often outweigh the need for ‘ease of access’.
The rise of the permacrisis
Despite the high expectations for ease of access to organizational information, there are many reasons that the very concept of trust can and should be challenged.
Collins Dictionary's word of the year in 2022 was "permacrisis" also known as "polycrisis". It is defined as a "collective term for interlocking and simultaneous crises of an environmental, geopolitical and economic nature." The state the world currently finds itself in.
With the rise and persistence of such crises, it is hardly a surprise that a massive increase in cyberattacks have ensued. With more geopolitical tension, and both financial and societal woes in various hotspots, from Ukraine to the Middle East, comes increased activity in the cyber domain. According to the Microsoft Digital Defense report released in October 2023, cyberattacks have impacted 120 countries over the past year.
Conventional cybersecurity reevaluated
The attacks are fueled by government-sponsored spying, but influence operations are also rising. More than 40% of these attacks were leveled against government or private-sector organizations that are involved in building and maintaining critical infrastructure. Examples include Russian intelligence agencies waging cyber war against Ukraine, Iranian efforts to amplify manipulative messages to further geopolitical goals, or China expanding its use of spying campaigns to gain intelligence to fuel its Belt and Road Initiative or regional politics. And we see that Western governments are ramping up their cyber operations in response.
In this setting, organizations need to reevaluate their conventional approach to cybersecurity. Assuming that most insiders have been verified, and thus allowing them to roam freely within the firm's own systems, is a setup that should be viewed as a potential liability. No matter how strong your perimeter security is, there is no way to completely rule out a security breach. To limit exposure, a zero-trust paradigm can help.
Shifting towards zero trust
Zero trust strategies are now embraced by an increasing number of organizations, both public-sector and private, to reduce the likelihood of a successful intruder being able to wreak havoc on the entire system. For some government organizations, such as the military or intelligence agencies, a higher level of security is the minimum requirement and zero trust has already been deemed essential. Failure to comply means failure to connect, and in some cases concerning these government entities, the consequences of a breach can mean the difference between life and death.
To minimize the chances of a breach, systems designed around zero trust require verifying the identity of users at every move. Consequently, dynamic, and efficient access and identity management become even more important. In a zero trust environment, users' access rights are limited. To make it work, it is essential that these rights are managed precisely and effectively, at every step in the system.
In other words, access cannot be handed out to anyone and everyone anymore. Access must be based on real information needs and verified frequently.
A recent Gartner report outlines a strategic roadmap for organizations looking to embrace such zero trust strategies. Providing a broad overview of current practices in the field, the report explores both how the future zero trust paradigm should look – and what organizations must put in place to close the gaps and migrate their systems, practices, and mindsets accordingly.
To embark on your Zero Trust journey, we recommend you start with this guide to zero trust.
- Enterprise
- Healthcare
- Judicial
- Government
- Meet & collaborate securely
- Secure Meetings
- Secure Collaboration