- Community Home
- >
- HPE Community UK, Ireland, Middle East & Africa
- >
- HPE Blog, UK, Ireland, Middle East & Africa
- >
- Zero Trust: An impossible goal?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Receive email notifications
- Printer Friendly Page
- Report Inappropriate Content
Zero Trust: An impossible goal?
“Trust no one,” sounds like the tagline for a paranoid spy thriller, but when it comes to protecting your company, cybersecurity experts say it might just be sound advice.
“Zero trust” is a security concept from the nineties having a renaissance today, as companies try to deal with bolder and more sophisticated cyberattacks. Since threats can now come from anywhere, say zero trust proponents, the suspicion that’s normally reserved for strange attachments and fishy emails must now extend to all parts of your business. Remote employee logins, external software updates, even hardware from reputable dealers—everything is under scrutiny. But how deep does the rabbit hole go? How can a regular business implement zero-trust architecture? And most importantly, will your CEO be locked out of their email?
In this episode, host Michael Bird speaks with Josephine Wolff, Assistant Professor of Cybersecurity Policy at Tufts University about the broad-reaching SolarWinds security breach, which has shown the need for zero trust strategies. We learn about how the changing workforce affects the evolving world of enterprise security from Simon Wilson, Chief Technology Officer of Aruba Networks in the UK & Ireland. In addition, HPE Chief Technologist Chris Dando stops by to scare us to bits about all the potential compromises in our supply chain.
Better Safe Than Sorry
Zero-trust architecture can sound tedious and difficult to implement but it’s important to remember the very real threat that cybersecurity breaches can pose to businesses.
Josephine Wolff, Assistant Professor of Cybersecurity Policy at the Fletcher School of Law and Diplomacy at Tufts University, tells us the story of the 2020 system breach at IT company SolarWinds, which affected over 18,000 customers and resulted in security compromises at places like Microsoft and the US Pentagon.
HPE Chief Technologist Chris Dando details the reputational, financial, and societal damage that can arise from a security breach. The upshot? What sounds tedious now can save major headaches later.
The more things change, the more they stay the same
The pandemic has accelerated a change in how people work, which Simon Wilson, Chief Technology Officer at Aruba Networks UK, argues should require a corresponding upgrade in our security infrastructure. It used to be that simply being in the office was enough to authenticate a user. But as people work remotely, from their personal computers, or on mobile devices, more layers of scrutiny must be applied.
So…what does this mean for the end user? Can employees work from home without compromising security? Will you need a hundred passwords and a retina scan? Are we talking three-factor authentication?
According to Wilson, zero trust doesn’t mean user experience will change—in fact the opposite. Wilson says that if security is too cumbersome, employees will find a workaround, opening the door to other threats. Part of making a security system strong is making it nearly invisible.
It’s a state of mind
So, you’re swayed by the idea of zero trust, now how do you make it happen? That depends, says Simon Wilson. Because zero trust is a concept, not a specific structure, users can implement it in a way that works for them.
This means you don’t have to apply zero trust to your business all at once. Dando says this gives you the flexibility to start protecting the areas of your business that are the most important.
Josephine Wolff reminds us that your zero trust network doesn’t have to be perfect. It’s all about the principles of stronger authentication, traffic monitoring, and network segmentation. So, you can do it—trust yourself! Just don’t trust anybody else.
Key takeaways:
- The threats are out there whether they come from external software updates, compromised hardware, or good old-fashioned phishing. Cyberattacks are being attributed to hostile governments, which are better-funded and more creative.
- Zero-trust doesn’t change the end user experience. Zero-trust network architecture happens on the back-end, often times automatically.
- Zero-trust doesn’t mean ZERO-trust. It’s more of a framework for increased scrutiny across a variety of different security channels.
Links and Resources:
Zero Trust Principles | National Cyber Security Centre
Zero Trust Architecture | NIST
The SolarWinds Hack Is Unlike Anything We Have Ever Seen Before | Josephine Wolff, Slate
The key to zero trust security? Changing human behaviour | enterprise.nxt
The Fletcher School at Tufts University
Michael Bird
Hewlett Packard Enterprise
twitter.com/HPE_UKI
linkedin.com/company/hewlett-packard-enterprise
hpe.com/solutions
- Back to Blog
- Newer Article
- Older Article
- Mohamad El Qasabi on: How HPE is accelerating digital transformation in ...
- MargaretN on: Welcome to the Middle East Region Community Blog
- Martin Visser on: Everything-as-a-Service: Is your organisation read...
- Kevin Barnard on: Planning for what is next – Overcoming current cha...
- Chris_Ibbitson on: Multi-cloud in Financial Services
- DJMutch on: Think global. Act circular. The circular economy a...
- BrianJenkinson on: NVMe alone is not enough, it’s time for Storage Cl...
-
Coffee Coaching
6 -
Technologies
292 -
What's Trending
62 -
What’s Trending
155 -
Working in Tech
147