Dave Barnett at Cloudflare argues that only businesses that think like digital natives can only succeed with Zero Trust
Cyber-attacks are increasing in frequency and sophistication. In this landscape, it’s clear that businesses need to develop IT security strategies that can respond when attacks occur, but also prevent them from happening.
We’re also seeing a shift in the strategies recommended to organisations regarding their approach to cyber-security, as they should be adopting a triple focus on people, applications and networks. Within this context, Zero Trust security policies are becoming an increasingly popular approach.
These security models are best placed to meet increasingly complex data protection needs, given their emphasis on Zero Trust Network Access (ZTNA), which emphasises continuous verification, even within the network’s perimeter, in departure from the traditional castle-and-moat approach.
That said, widespread adoption of this model relies on the curiosity of businesses that truly understand the potential of new technologies. Digital native businesses (DNBs) are particularly relevant in this regard, with their reliance on tech-driven operating models making them leading candidates to advance Zero Trust.
What’s more, research suggests the global average cost of a single data breach is almost $4 million. This makes the adoption of this technology all the more pressing for every organisation, with digital businesses needing to pay particularly close attention – as they have even more to lose.
By adopting Zero Trust within IT security, traditional organisations who adopt a DNB mindset will be primed to differentiate themselves from competitors by showcasing their commitment to innovation. They will be able to show their business that they are adopting modern approaches to data security; thereby helping them to achieve their goals in accelerating their security transformation agenda.
A case in point very recently was a major government healthcare provider who, whilst mandated to use VPNs, actually adopted ZTNA combined with an advanced EDR to provide visibility and control to better protect themselves against the global threats out there.
Cyber-security matters for DNBs
It may be helpful to talk a little about the mindset that digital native businesses possess. They are defined by their adaptability and willingness to learn. Unlike some traditional businesses that have been slower to undergo digital transformation, these organisations have chosen to embrace new technologies as a core part of their identity.
This applies even more so to cyber-security, with DNBs being highly conscious of the need to protect people’s data in ways that embrace new technology. Being heavily reliant on technology to run their businesses, they have acute knowledge of the consequences of data breaches for all involved. DNBs are triggering a change in the discussion around cyber-security by focusing their attention on forming a robust security culture.
With their heavy focus on all things digital, these organisations also contribute to inspire market verticals such as retail, banking, and insurance to speed up their own digital transformation. This encouragement can only be a good thing, and industries will continue to inspire one another to provide the best tools and services to their customers.
Savvy businesses understand that by making trust the starting point, they can deliver greater value to their audience. If clients and consumers are confident that businesses can protect their information, they’ll stand to gain through improving customer experiences and ultimately securing greater revenues.
How DNBs advance Zero Trust
With their innate understanding of cyber-security risks, of the needs for a human being to use IT that just gets out of the way, and the value of data, these digital-first businesses are a perfect fit for the Zero Trust approach. By adopting this model, they stand to gain several advantages and can contribute to a safer environment for businesses by promoting its benefits.
A focus on user experience. By eliminating the VPN and replacing it with ZTNA, organisations are removing unnecessary steps in the way of a user. By integrating ZTNA with strong authentication and inexpensive hardware security, DNBs are able to achieve the double win of better user experience AND a better security posture – an outcome rarely seen in the tech industry.
Understanding the importance of data security. With users only permitted access to the information they need and that need continuously re-evaluated, Zero Trust architectures provide a strong insurance policy against lost or stolen data in the event of a security breach. Zero Trust can radically reduce the ‘blast radius’ of a data breach by limiting the access the stolen credentials allow an attacker.
Considering the significant cost of a single cyber-incident, implementing these frameworks constitutes money well spent given the reduced operational risk. This applies even more to DNBs, which rely on cloud-based solutions (SaaS, IaaS, and PaaS) to process and store their data.
Embracing a dynamic and distributed environment. Zero Trust also acknowledges the shift in the modern IT landscape, with the rise of cloud services, remote work becoming ‘the norm’, and mobile devices rendering the traditional network perimeter obsolete.
While Zero Trust requires continuous verification of users, devices, and network traffic before granting access, DNBs have already proven their familiarity with the components involved in distributed infrastructures. This makes them well-suited to understand and navigate modern IT environments.
Accepting the need for continuous monitoring and authentication. Given the emphasis on constantly monitoring and authenticating users, devices, applications, and network traffic, Zero Trust is also well placed to serve DNBs already acquainted with security measures like multifactor authentication and biometrics. This makes them more likely to accept and adapt to the ongoing verification processes demanded by Zero Trust.
Embracing SASE for user-centric and context-aware security. When operating as part of a SASE (secure access service edge) framework, Zero Trust also considers contextual factors for access decisions.
These include the user’s location, time of day, enterprise security standards, compliance policies, and an ongoing evaluation of overall risk when granting access. DNBs, accustomed to personalised experiences and context-aware technologies, appreciate the benefits of these security measures and adapt their behaviours accordingly.
Implementing Zero Trust security
As businesses strive to protect their assets, prevent data breaches, and earn the trust of their customers, it’s crucial to prioritise a digital native mindset and embrace the principles of Zero Trust for a secure future. This will provide a strong security posture and add value to businesses by fostering innovation, safeguarding sensitive information, and promoting brand loyalty.
Digital native businesses (DNBs) are uniquely positioned to drive adoption of this security framework, with their inherent understanding of cyber-security risks and commitment to data protection aligning perfectly with the core principles of ZTNA.
Although it may sound deceptively complex, adopting a Zero Trust security model can be relatively simple by partnering with the right technology providers. For instance, it’s possible to implement SASE platforms that combine networking services with a built-in Zero Trust approach to user and device access, while customers automatically implement Zero Trust protection around all their assets and data.
This, in turn, boosts innovation, enhances customer experiences, fosters brand loyalty, and drives the overall success of businesses in an increasingly interconnected and vulnerable world, transforming threats into opportunities.
Dave Barnett is Head of SASE EMEA at Cloudflare
Main image courtesy of iStockPhoto.com
© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543