While it makes perfect sense to push your workloads to the public cloud, especially if they can be moved into SaaS environments, this doesn’t work for all legacy workloads. This is why we continue to see – and advocate – hybrid cloud environments.
For many organisations, juggling workloads is not a matter of taking a cloud-first approach but of opting for cloud-fit instead. This involves finding the ideal cloud environment for each workload: one that’s cost-effective and ticks all the security boxes.
But this is when it gets tricky. If you’re taking a cloud-fit approach, how do you ensure cyber resiliency across all your platforms? And what happens when your data is moving between those platforms?
Data breach statistics aren’t getting any prettier, with a 26% increase in notifiable data breaches to the OAIC in the latter half of 2022. This is where zero trust comes to the fore.
But first, let’s back up a bit – what is zero trust, why is it the hot new approach, and how do you get some?
Trust no one, question everything
Two of the best cybersecurity rules to live by are: 1. Trust no one. 2. Question everything. And those rules, in a nutshell, are the key to zero trust.
Zero trust takes distrusting and questioning your users to a whole new level – but this is a good thing. Regardless of whether they’re inside or outside of your network, users are subjected to authentication, authorisation, and continuous validation for security configuration and posture. Only when they pass these conditions with flying colours are they a) granted access or b) allowed to have continued access to your applications and precious data.
Importantly for those who have gone the cloud-fit route, zero trust assumes that there is no traditional network edge. So, networks can be local, in the cloud, or a combination or hybrid, with resources anywhere and users in any location. Regarded as ‘perimeterless security’ (just think of networks without borders!), the zero-trust security model is also known as zero trust architecture (ZTA), zero trust network architecture or zero trust network access (ZTNA).
And while it’s so hot right now, zero-trust isn’t actually new. (You might like to check out this excellent article on the history of zero-trust here on TechTarget.) However, it is the way to go.
In a 2022 Forrester Opportunity Snapshot, the renowned researcher reports that 83% of Australian and New Zealand firms say zero trust is the future of their organisation’s security. And in tech news publisher VentureBeat’s article on zero-trust trends for 2022, they include zero-trust becoming the foundation of more hybrid cloud integrations as one of the big four trends to watch out for.
So, how and where do you get started?
It’s all about leadership
It’s important to remember that zero trust is a philosophy, not a product. And like most philosophies, it can take some effort to get everyone on the same page.
To quote John Engates, Field CTO for Cloudflare:
“To get zero trust across the finish line, some companies may appoint a zero trust officer. Showing leadership, demonstrating how important it is to the organisation, putting someone in charge of getting to a zero trust stance is really critical. No matter how you demonstrate that to your stakeholders, it’s really critical for someone to stand up and say, ‘We’ve got to do better at this; we have to do it comprehensively across the entire organisation. And we have to do it soon because the threats aren’t getting easier to deal with.’”
In their Opportunity Snapshot, Forrester agrees, saying it’s critical to “be a leader and communicator, not a technician.” They report that 48% of zero trust leaders in Australia and New Zealand said “their stakeholders struggled to understand the business value of adopting a Zero Trust approach. Only 41% listened and understood stakeholders’ criticism or feedback, then worked through their issues with the Zero Trust team, and returned with a solution.” Forrester concludes that this poses a challenge as zero trust leaders thought the most important trait in their role was to be technical (52%), compared to being communicative (13%).
Despite the challenges, Forrester says that these same zero trust firms reported a more empowered employee experience, with 74% reporting more flexibility to work from anywhere or on any networks, 61% relieved of the burden of security responsibility through password-free authentication, and 27% enjoying an increased choice to work with any device or programmes.
So, where to start?
Engates from Cloudflare is a fan of making the zero trust goal manageable by attacking it in bite-sized chunks. He says that the important thing is to “get started and get moving.” And we agree.
To help you address the challenges created by the shift to cloud hosting, remote work, and other modernisation, Zerotrustroadmap.org provides an excellent step-by-step vendor-agnostic roadmap, complete with an implementation timeline.
Or you’re welcome to just talk to us.
In partnership with Cloudflare, a global leader in zero trust services.