Ian Collard, Founder & CEO of Identity Methods, explains why there has never been a greater need to utilise preventative and protective measures to secure UK industry.
In November 2021, Sir Jeremy Fleming, Director of GCHQ – the UK’s Intelligence, Cyber and Security Agency – stated that cyber-threats continue to grow on a global scale. He cited threats to international security as examples including the cyber-attack on Microsoft, linked to a Chinese state-backed threat actor and the SolarWinds attack, attributed to Russia’s Foreign Intelligence Service. With geopolitical tensions rising, the threat of punitive economic sanctions to be used as a deterrent, some predict ever more sophisticated cyber-attacks to come.
While trust is in short supply on the international affairs front, businesses are often too generous when it comes to security and access across a corporate IT network. Many work on the principle that long-term access be granted as job role requirements dictate. But when a system is compromised, these lingering access permissions create easy pathways for threat actors, who in some cases can dwell for long periods inside a host system before striking. This is where zero trust comes to the fore; removing implicit trust to better protect systems, assets and people. But what steps should IT leaders be taking to improve the security posture of their organisations?
Getting to zero trust
Taking a zero trust approach involves always asking for verification of a user or system’s identification credentials, thus vastly improving security. This is of particular importance now that the popularity of flexible and remote working means that IT leaders have many new points of connectivity to secure. Zero trust is based around a simple philosophy of never trust and always verify, encouraging greater supervision of the digital environment and the collection of information in the process.
While there are many products and services that aim to offer a zero trust solution, offerings and their various capabilities can be confusing and might require businesses to become ‘locked-in’ to a certain provider or product range. Fortunately, the National Institute for Science and Technology (NIST) has developed a neutral, vendor-less framework which can help organisations and security professionals to manage their digital space more simply and effectively, addressing the entire IT infrastructure rather than looking for a solution in standalone products. Mapping security solutions to NIST’s ‘seven tenets’ can help to better structure, monitor and protect the connected enterprise.
Partnerships for success
As establishing zero trust is fast becoming critical, representing an important strategic enhancement to support businesses over the longer term, working closely with a trusted partner will enable organisations and their security teams to respond with confidence to new and existing threats and challenges. It’s imperative for organisations to look carefully at who they choose to associate their brand and do business with. Entering into a partnership with a provider that can demonstrate past successes and operates in accordance with ethical codes of conduct will provide assurances of corporate governance and closer scrutiny of working practices.
In a world where products are often hastily produced in countries with low levels of quality assurance and with poor transparency of labour laws, it is all too easy to seek out and use technologies that have been manufactured cheaply and brought to market quickly. But short-term gain often portends a longer-term cost. While speed of deployment to ensure comprehensive protection can be a key factor in partner selection, this should be balanced with a thorough process of due diligence to determine the integrity of vendor, technology and increasingly the entire supply chain. Greater peace of mind can be gained from knowing that the supply chain and its stakeholders are fully aligned to shared core values and principles.
Changing traditional thinking
Getting to zero trust requires a change in planning, strategy and security operations. A comprehensive zero trust architecture (ZTA) implementation, in which the whole roadmap from discovery to implementation is laid out, can seem daunting, but when an end-to-end vision across the consultation and delivery phases of the journey to ZTA can be guaranteed a more reliable, flexible and future-proof security set-up.
With the pace of digital transformation accelerating faster than ever, getting to zero trust by adopting NIST’s framework and working closely with providers that demonstrate integrity, adhere to ethical methods and follow trustworthy development practices, represents a stronger pathway toward success. Taking the right approach will lead to a much clearer vision for robust security across the enterprise, helping organisations better prepare for the evolving cyber-threats of today and tomorrow.
By Ian Collard, Founder & CEO of Identity Methods
For more information, visit: identitymethods.co.uk