Why Organisations Need to Put Their Trust in a Zero-Trust Security Paradigm

The internet has brought humanity closer together and technological advancements are allowing the world to become more interconnected. However, every advantage has a drawback, and at the same time organisations are taking on more advanced technologies to improve various areas of their business, cybercriminals are developing more sophisticated methods to spy, steal and manipulate data, and wreak all kinds of digital havoc.

In a recent TechLab webinar titled, “Shifting to a Zero-Trust Security Paradigm in an Increasingly Trustless Digital World,” supported by IBM, Rajesh Baronia, APAC’s IBM Digital Trust Technical Leader, discussed the current challenges that organisations are facing due to the rapidly changing landscape.

He started off by explaining that as more businesses go digital, they must adapt to ensure that their offerings are relevant, reliable and available whenever and however customers choose to access them.

“Now, this isn’t easy for many of the customers we work with. This means shifting the architectures and operations within a mix of cloud and traditional environments. It means enabling employees, suppliers and partners to work together quickly to make the magic happen – which result to having an explosion of users and endpoints accessing your resources,” said Rajesh, adding that traditional security is struggling to keep pace with all the changes that are now happening.

According to Rajeh, this is because traditional security was never designed to handle the magnitude and complexity of the current transformation. Businesses’ systems, users, and data are more connected than ever before, and yet they are also more dispersed than ever, increasing the risk of compromise. Security leaders have too much on their plates, as they must now manage a large number of tools from too many vendors, as well as a high level of complexity in their processes and compliance.

Simply put, companies need to transform their security program to keep up with the changes. To do that, CSOs and organisations are looking at zero-trust to manage digital transformation.

“Every security vendor is talking about it but what you need to understand and remember [is] that zero-trust is not a product. It’s not something that you can buy off the shelf. It’s a paradigm of doing security differently,” explained Rajesh.

IBM has distilled four key principles that organisations can consider when implementing zero-trust practices in their environment:

  • “Never trust, always verify”: Always explicitly verify the user’s identity before granting access, regardless of where the user is coming from. There is no longer any inherent trust. In essence, access is dynamic in nature, requiring continuous assessment before access can be granted.
  • Implement least privilege: Provide users with the least amount of access required to perform any given function. This is a principle of transitioning away from a model in which users have broad access to the environment after being authenticated.
  • Eliminate parameter-based controls: Assume that an organisation and all of its services are accessible via the internet, with no concept of perimeter. With this in mind, you will develop security controls and ensure that your organisation is capable of protecting every interaction that occurs for your services, assuming it is available and accessible to all.
  • Assume breach: With orchestration and automation in place, you will be able to mitigate and respond to threats much more quickly. So, if you can automate and orchestrate your response to any threat that may occur in the organisation, you can essentially be ready to respond to threats at any point in time and assume that a breach has occurred.

Simplifying the Zero-Trust Approach

What IBM has done is help customers define zero-trust in a much simpler way – enabling the right user under the right conditions to have the right access to the right data.

Rajesh explained that “It means that you move away from a focus of a perimeter- or threat-centric approach, to something which we call as an access-centric approach. And to do access better, you need to know what are your critical assets? Where does your crown jewels reside?”

“Once you have identified and classified your data, being able to assess the risk associated with them, you protect sensitive data by encrypting it, defining access policies, monitor access to the data and determine the usage patterns to quickly uncover suspicious activity.”

Furthermore, Rajesh also mentioned that they’ve come up with a business-first approach that organisations can utilise to start on their zero-trust journey. This is an approach that requires an open platform to leverage technology investment with no vendor lock-in that can generate:

  • Insights: Discover and assess risk across data, identity, endpoint, app, and infrastructure.
  • Enforcement: Context-aware access control to all apps, data, APIs, endpoints, and hybrid cloud resources.
  • Detection and response: Identify risks and automate responses that dynamically adapt access controls.

“We at IBM are in a very good position to help you as an organisation embark on the zero-trust journey, and we have built partnership[s] with many of the industry vendors out there. So, you can use a combination of IBM and third-party solutions as you embark and implement zero-trust principled architectures in your environment,” he said.

Having a Trusted Security Partner
In the face of the rising complexity of cyber threats, Helena Huda, Account Manager from TechLab, emphasised the increasing need for a trusted security partner to effectively protect organisations and their data.

TechLab has been a cybersecurity pioneer in Malaysia for over 15 years. They have since established themselves as the leading enterprise systems integrator and solution provider in the country.

“We are experienced in a wide range of solutions. First off, we provide security expertise services where we manage our clients SOC with 24x7 security responses with [an] AI and threat intelligence service covering areas from deployment, to creating client security policies and even incident response,” said Helena.

They have reached a number of milestones in their 15-year journey in enterprise cybersecurity. She shared that one of these is a collaboration with a well-known tech giant such as IBM, the world’s renowned IT principle, to develop intelligent enterprise security solutions and services that help businesses “prepare today for the cybersecurity threats of tomorrow.”

According to Helena, TechLab is all about taking a customer-centric approach and they see themselves as a business enabler. As such, they base their offerings on their “network security pyramid,” which ranges from cloud to cybersecurity, education, and training, which allows them to meet all security-related requirements.

Figure 1: Network Security Pyramid - Highlighted in red are RMIT-related compliance and solution services TechLab offers.

“Our commitment to you doesn’t end with providing solutions and services; it extends to training and empowering your team with knowledge needed on the day-to-day basis and getting the latest updates in technology and know-how,” Helena concluded.

You might also like
Most comment
share us your thought

0 Comment Log in or register to post comments