A Zero Trust World

Aug 31, 2021

If you are a cyber security professional, unless you’ve been living under a rock, you will have heard about Zero Trust. Actually, hang on, we’ve been in lockdown, so we have technically been living under a rock, nevermind!

On a more serious note, the reality is, in an effort to stem the spread of a biological virus, governments and organisations stipulated a change in our work patterns. This meant that many enterprises had to pivot and adapt to a new system architecture, from a hub and spoke model to a distributed system design, one which is well supported by the public cloud. Together with a better understanding of controls and responsibilities, the events of the past 18 months undoubtedly accelerated an extant industry trend, with organisations progressively moving assets to the public cloud.

This has also brought another concept, Zero Trust, to the fore. The principle, as its name implies, can be defined as not implicitly trusting another person, or increasingly another system. This makes sense on public clouds, which are multi-tenanted systems. Unlike traditional on-prem systems, assets from multiple organisations can be hosted on the same physical devices, with logical separation.

Identity is the foundation of Zero Trust. When verification is at the heart of what you are trying to do, it places greater importance on checking an individual or system is what they say they are. This is typically achieved through multifactor authentication (MFA). MFA states that someone or something needs to use more than one way, or factor, to identify who they say they are. These can be one from each of something they know, something they have and something they are. With Zero Trust, verification is effectively required before access to any resource or asset. To ensure operational agility and useability, the process is streamlined, automated and managed through confederated identity.

The past 18 months or so has seen fundamental changes in our social interactions, with additional restrictions, controls and checks as means to safeguard everyone against a biological virus. As a result of this, we are seeing a similar evolution of controls and checks with our electronic presence with Zero Trust architecture as a direct result of how, where, and when we access electronic devices, a trend which has been accelerated by the pandemic.

Dr. Wendy Ng is a DevSecOps Security Managing Advisor, who’s honed her technical consulting skills through a number of industries: aerospace, healthcare, fintech, telco, transport logistics, and critical national infrastructure. Wendy completed her doctoral studies at the University of Oxford and has contributed to the scientific community through peer-reviewed publications. She has been sharing her experience and expertise, addressing key challenges, in her blogs since 2016.