Is Zero Trust a buzzword or an innovative strategy

by Pierre-Yves Popihn

03 December 2019

A  view of a city and buildings

Although it’s been around for some time, the Zero Trust approach has recently been gaining a lot of attention and, in fact, is increasingly implemented within organizations. But what actually is it? And how can the Zero Trust approach be used as part of a wider cybersecurity strategy? 

Essentially, Zero Trust refers to a strategy that changes the way businesses secure their information systems. Indeed, most have built their security strategy around a perimeter approach, which consists of systems and solutions to ward off cybercriminals from entering a company's network. Everything outside the protected area is simply not to be trusted.

Given the evolving threat landscape, this approach is, however, changing. All the boundaries that existed in companies are now being redesigned. What’s more, the evolution towards disruptive technologies like the cloud and automation – and diverse employee mobility issues – are forcing organizations to completely rethink how they secure their information systems.

The adoption of a comprehensive approach to security is now necessary and Zero Trust is one approach that businesses should explore. By adopting this model, they can control who has access to what, how and when. The challenge, then, is to be able to control the user chain from start to finish.

Two people working together looking at a tablet

Here are three crucial steps for a comprehensive strategy:

  • First, it is about identifying the various assets and components of the user chain. This means determining who the users are and what they have access to.
  • Then comes contextualization, so where is the user and on which device(s). Knowing the identity of the user is no longer enough. Businesses must be able to analyse their usage too.
  • Finally, every organization must have full visibility of its network. To better understand who has access to its network, it must find out what type of equipment is connected. Companies can use solutions such as access controls or Mobile Device Management (MDM).

In short, the issue is no longer about the equipment – it’s just as much about the users. Today, organizations must know whether a given person has the right to access information in particular. Keep in mind that the Zero Trust approach is built on a progressive approach that adapts to each user and is used in conjunction with complementary solutions like Multi Factor Authentication (MFA).

This notion of identity and authentication control is often already put in place by certain organizations. The Zero Trust approach is therefore an extension of what they already have and, what’s more, it can be used for cloud applications, critical infrastructure and so on.

The advantage is that the implementation of this approach does not disrupt an organization’s security model and the change is usually minimal once the identification work during set up is complete. That's why today, most businesses combine several approaches to create an innovative security strategy. The bottom line? Don’t dismiss Zero Trust as the latest security buzzword.

Pierre-Yves Popihn

Pierre-Yves Popihn

Director, Consulting Services, NTT Ltd.