More than 86 million Americans use the social media app TikTok to create, share, and view short videos, featuring everything from cute animals and influencer advice to comedy and dance performances.
Concerned experts point out that TikTok’s parent company, the Beijing-based ByteDance, has been accused of working with the Chinese government to censor content and could also collect sensitive data on users.
New cyber threat landscape spurs shift to zero trust security paradigm
New cyber threat landscape spurs shift to zero trust security paradigm
New cyber threat landscape spurs shift to zero trust security paradigm
Our everyday life is digitally reliant and interconnected like never before. However, as our digital connectivity expands, so too does our vulnerability and exposure to malicious cyber-attacks.
Tech-driven trends that empower, enable and influence how we communicate, work and learn are driving immense business and public service opportunity, whilst triggering significant digital challenges across today’s cyber landscape. Addressing these risks requires a new approach to data security – enter zero trust.
Zero trust is a cybersecurity model that shifts how organizations approach security from reliance solely on perimeter defences to a proactive strategy that allows only known good activity across ecosystems and data pipelines.
Adopting this new approach will help increase trust in digital services, protect data and enable organizations to realize the huge potential of digital transformation.
Never trust, always verify
A paradigm shift in IT security, zero trust is a definitive departure from traditional security protocols which are no longer suited to the world we live in, how we work, and how we access online services.
Increasingly, the old cybersecurity standard of ‘trust first, verify later’ is being scrapped and replaced with a counterintuitive concept of ‘never trust, always verify’.
Since Forrester’s John Kindervag first coined the term zero trust, the model’s guiding principle has been to “deny access to applications and data by default”.
Now more than ever, enterprises and organizations benefit from the continuous verification requirement that repeatedly checks identities of every person or device before allowing access to digital assets.
Zero trust is a “data-centric approach that continuously treats everything as an unknown”, explains the World Economic Forum’s Centre for Cybersecurity, “whether a human or a machine – to ensure trustworthy behaviour”.
Building momentum for a ‘no trust’ model
Momentum is building for acceptance of the no trust model, due largely to rising security threats from without and within. And more than that, pressure is mounting to comply with international regulatory demands, as seen in Europe and the US, among the first government agencies and critical infrastructure providers now mandating the adoption of Zero Trust Architecture (ZTA) by 2024.
Whatever the incentive, once implemented, ZTA can expand an organization’s alignment of cybersecurity strategy across environments – both in the cloud and at the edge – ensuring networks of the future are cybersecurity ready.
The benefits of a zero trust implementation are realized in:
- Greater control over access
- Authorization to applications and sensitive data
- Reduced IT complexity
- Delivery of secure, predictable results for all users
- Secures 5g built outside the protection of a service provider enabling of all 5G benefits
- Enhanced cloud-based security
The advent of revolutionary 5G technology with advances in speed and connectivity promises seismic improvements in vital, quality-of-life sectors like healthcare, notably medical research, and treatment. However, greater capacity also brings wider vulnerability.
Unleashing the full potential of 5G while protecting its networks against attack will require major investment in zero trust security infrastructures.
Once implemented, zero trust will likely be the defining factor in scalability, security and sustainability of 5G and its supporting multi-cloud networks.
Zero trust journey to the cloud
Similarly, organizations moving digital assets to the cloud also face heightened security risks. Default cloud security controls may be ineffective at preventing cyber-attacks, as the Elastic Threat Report suggests, and users overestimate the security of their cloud deployments.
By incorporating a zero trust platform in the fundamental design of the new cloud infrastructure, the journey to cloud-delivered solutions can realize:
- Secure access from any user or device, regardless of location
- Reduced complexity of IT network-security architectures
- Optimized IT resources to focus on priorities
- Simplified user experience with single sign-on (SSO) and password tools
- Expedited, seamless access to applications for hybrid workers
Targeted industries seeking security gap solutions
Without the zero trust paradigm, industries with vital services that become more open and globalized are gambling with their data protection.
The majority of IT leaders question the adequacy of current cyber systems to bridge security gaps, according to the recently published 2022 Dell Technologies Global Data Protection Index:
- 76% say data protection solutions are lacking for newer technologies like cloud, edge, and the internet of things
- 69% expect a disruptive event to occur in the next 12 months
- 86% have already experienced a disruption in the last year
In the last 36 months, Skybox Security found, the most-targeted industry of manufacturing faced 61% of operational technology cyber attacks; the oil and gas industry accounted for 11% of attacks.
These and other critical industry sectors, including fintech, are increasingly looking to zero trust for new digital security solutions.
The path forward – disrupting the disruptors
Disruptions by cyber threat actors will no doubt increase. Whether challenges are sophisticated cyberattack schemes, geopolitical tensions, or supply chain vulnerabilities, a more effective approach is needed to confront present day digital challenges.
Companies and governments entering the new frontier of zero trust will not find a one-size-fits-all solution. The new architecture requires a multi-layered approach tailored to the security needs of each organization.
“There is no neutral IT decision with respect to risk. It’s not about security outside of the IT decision, it’s about security that is intrinsic and tied to every IT decision, every vendor selection, every architectural decision.” — John Roese, Global Chief Technology Officer, Dell Technologies
It’s time to embrace the zero trust paradigm. Organizations of all sizes should engage with trusted public-private sector partners to place zero trust at the heart of the digital infrastructures we build today for healthcare, education, energy, communication and more.
By mandating its inclusion, governments are leading the way – it’s important that industries, sectors and communities now seek to move in the same direction to meet generation-defining digital challenges.
This article was republished from the World Economic Forum under a Creative Commons license to point warfighters and national security professionals to reputable and relevant war studies literature. Read the original article.
Adrian McDonald is president of EMEA region at Dell Technologies. This article does not constitute endorsement of Analyzing War by the author/s.
Related Articles
Pentagon leaks suggest China developing ways to attack satellites – here’s how they might work
The recent leak of Pentagon documents included the suggestion that China is developing sophisticated cyber attacks for the purpose of disrupting military communication satellites. While this is unconfirmed, it is certainly possible, as many sovereign nations and private companies have considered how to protect from signal interference.
Ransomware Attack Hits Marinette Marine Shipyard, Results in Short-Term Delay of Frigate, Freedom LCS Construction
The Wisconsin shipyard that builds the U.S. Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate suffered a ransomware attack last week that delayed production across the shipyard, USNI News has learned.
Fincantieri Marinette Marine experienced the attack in the early morning hours of April 12, when large chunks of data on the shipyard’s network servers were rendered unusable by an unknown professional group, two sources familiar with a Navy summary of the attack told USNI News on Thursday.