HPE Blog, UK, Ireland, Middle East & Africa
Michael_Bird

Zero Trust: An impossible goal?

“Trust no one,” sounds like the tagline for a paranoid spy thriller, but when it comes to protecting your company, cybersecurity experts say it might just be sound advice.

“Zero trust” is a security concept from the nineties having a renaissance today, as companies try to deal with bolder and more sophisticated cyberattacks. Since threats can now come from anywhere, say zero trust proponents, the suspicion that’s normally reserved for strange attachments and fishy emails must now extend to all parts of your business. Remote employee logins, external software updates, even hardware from reputable dealers—everything is under scrutiny. But how deep does the rabbit hole go? How can a regular business implement zero-trust architecture? And most importantly, will your CEO be locked out of their email?

In this episode, host Michael Bird speaks with Josephine Wolff, Assistant Professor of Cybersecurity Policy at Tufts University, about the broad-reaching SolarWinds security breach, which has shown the need for zero trust strategies. We learn about how the changing workforce affects the evolving world of enterprise security from Simon Wilson, Chief Technology Officer of Aruba Networks in the UK & Ireland. In addition, HPE Chief Technologist Chris Dando stops by to scare us to bits about all the potential compromises in our supply chain.

Better Safe Than Sorry

Zero-trust architecture can sound tedious and difficult to implement, but it’s important to remember the very real threat that cybersecurity breaches can pose to businesses.

Josephine Wolff, Assistant Professor of Cybersecurity Policy at the Fletcher School of Law and Diplomacy at Tufts University, tells us the story of the 2020 system breach at IT company SolarWinds, which affected over 18,000 customers and resulted in security compromises at places like Microsoft and the US Pentagon.

HPE Chief Technologist Chris Dando details the reputational, financial, and societal damage that can arise from a security breach. The upshot? What sounds tedious now can save major headaches later.

The more things change, the more they stay the same

The pandemic has accelerated a change in how people work, which Simon Wilson, Chief Technology Officer at Aruba Networks UK, argues should require a corresponding upgrade in our security infrastructure. It used to be that simply being in the office was enough to authenticate a user. But as people work remotely, from their personal computers, or on mobile devices, more layers of scrutiny must be applied.

So…what does this mean for the end user? Can employees work from home without compromising security? Will you need a hundred passwords and a retina scan? Are we talking three-factor authentication?

According to Wilson, zero trust doesn’t mean user experience will change—in fact the opposite. Wilson says that if security is too cumbersome, employees will find a workaround, opening the door to other threats. Part of making a security system strong is making it nearly invisible.

It’s a state of mind

So, you’re swayed by the idea of zero trust. Now how do you make it happen? That depends, says Simon Wilson. Because zero trust is a concept, not a specific structure, users can implement it in a way that works for them.

This means you don’t have to apply zero trust to your business all at once. Dando says this gives you the flexibility to start protecting the areas of your business that are the most important.

Josephine Wolff reminds us that your zero trust network doesn’t have to be perfect. It’s all about the principles of stronger authentication, traffic monitoring, and network segmentation. So, you can do it—trust yourself! Just don’t trust anybody else.

Key takeaways:

  • The threats are out there whether they come from external software updates, compromised hardware, or good old-fashioned phishing. Cyberattacks are being attributed to hostile governments, which are better-funded and more creative.
  • Zero-trust doesn’t change the end user experience. Zero-trust network architecture happens on the back end, oftentimes automatically.
  • Zero-trust doesn’t mean ZERO-trust. It’s more of a framework for increased scrutiny across a variety of different security channels.

Links and Resources:

Zero Trust Principles | National Cyber Security Centre

Zero Trust Architecture | NIST

The SolarWinds Hack Is Unlike Anything We Have Ever Seen Before | Josephine Wolff, Slate

The key to zero trust security? Changing human behaviour | enterprise.nxt

Zero Trust Security | Aruba

The Fletcher School at Tufts University

Josephine Wolff LinkedIn



Michael Bird
Hewlett Packard Enterprise

twitter.com/HPE_UKI
linkedin.com/company/hewlett-packard-enterprise
hpe.com/solutions

Follow me on Twitter: @miclbrd
About the Author

Michael_Bird

I'm a Digital Marketing Manager for UK and Ireland at HPE and I've been working in the IT industry for nearly 10 years. I'm fascinated by technology and the impact it has on organisations and us as individuals.