In a zero trust world, where is the UK?

President Biden's Executive Order has opened the doors to Zero Trust - but will Boris Johnson follow suit? Tony Scott, board member, ColorTokens, former federal CIO for the Obama administration, offers his insight.
President Biden’s Executive Order has opened the doors to Zero Trust, but will Boris Johnson follow suit? Tony Scott, board member, ColorTokens, former federal CIO for the Obama administration, offers his insight.

Whether you are a business or an individual, you are a target. For whom? Well, it’s difficult to put names to the largely masked faces, but the fraternity of cybercriminals that operate globally around the clock don’t really care about their victims. Sure, one big ransomware attack on a large enterprise can yield a tidy profit, but so can countless smaller-scale ransomware attacks on the general public. Not a day seems to go by without another headline acknowledging cybersecurity failures.

Cybercriminals have had their fun via various GDPR breaches, with some eye-watering fines dished out to those organizations in question and have recently taken to attacking all kinds of superstar targets – the NHS, Microsoft, LinkedIn, etc Marriott Hotels and even Garmin. And all of these incidents serve to illustrate the (largely) ineffective cyber defences and response solutions employed by said organizations. For example, the widely reported Solar Winds hack of late 2020 targeted the Department of Homeland Security, the Treasury Department, and very high-profile victims. This particular hack highlighted the generally futile approach of a reactive response, rather than being proactive and assuming a breach is already happening. Slapping yourselves on the back because you’ve managed to bolt the barn door long after the horse ran off, doesn’t quite cut the mustard here.

And all too often the finger of blame is pointed at the employee: they are accused of poor security hygiene; they are suckers for a dodgy phishing link; they use work devices for personal tasks; etc. And yes, all of these things might have a ring of truth to them, but in reality we should be holding the enterprise responsible. Their IT networks are designed to exchange and use information in a way that actually presents a massive attack surface to cybercriminals, who are able to deploy laterally through such networks, looking for whatever is of interest to them. To add fuel to the fire, enter COVID-19. With an almost overnight shift to remote working (or hybrid models), the pandemic put huge pressure on already stressed IT departments to accelerate digital transformation. These IT infrastructures weren’t designed for a largely remote workforce. Cybercriminals, however, were rubbing their hands with glee: perfect conditions and greater opportunities for their nefarious activities.

If cyberthieves can go about their (bad) business without detection by taking advantage of trusted processes, then those systems are not fit for purpose. It’s time to move the goalposts and trust nobody. Enter Zero Trust.

The zero trust concept

The shift to remote working means that people often need access to data that lives in your organization’s data centres. To facilitate this access, businesses regularly make use of virtual private networks (VPNs). However, the use of a VPN opens up your infrastructure to networks and devices that you ultimately can’t control. You need to know who is connecting to your apps, what kind of device they are using. and associated access requirements. That’s the underlying concept behind Zero Trust network access (ZTNA): the provision of uninterrupted connection to your apps minus any risk to your data. By using ZTNA, an organization can effectively hide apps outside of the public internet with only authorized users granted access. With Zero Trust, the defining mantra is to trust nobody from the outset: everyone is a potential threat.

Biden buys in

Following on from the Solar Winds debacle, it was widely reported that the US government was considering reorganizing its cybersecurity approach by making the Cyber Command independent from the National Security Agency. So it came as no surprise to see US President Joe Biden giving his full support to the Zero Trust approach with an Executive Order that seeks to improve the nation’s cybersecurity, with specific emphasis on Zero Trust architecture. Zero Trust security architecture offers the most effective and practical solution to the ongoing escalation of cyberthreats. Using ongoing surveillance and checks, IT infrastructure becomes more of a stronghold – it is difficult to get in, and even harder to remain undetected.

READ MORE:
What About the UK?

Irrespective of Biden’s Executive Order, Zero Trust is already becoming the de facto approach for organizations all over the world. So, what about the UK? Well, currently there has been no endorsement of Zero Trust technology from 10 Downing Street. Was it a topic of conversation during Boris Johnson’s recent face-to-face meeting with the US President? Who knows, but it would be nice to think that it was given the disruption and chaos that a major cyberattack can cause to individuals, businesses, and even the government—and yes, that includes you, Mr Prime Minister. We can only hope that the familiar copycat tactics that the UK tends to adopt after the US rubber stamps something will apply to Zero Trust too.

Zero Trust security thinks the worst and assumes networks are not secure unless proven otherwise. The UK government needs to demonstrate its commitment to cybersecurity by recommending that organizations adopt the Zero Trust approach.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...