
Zero trust approach to security: Never trust, always verify

If love means never having to say you’re sorry, zero trust means never trusting, always verifying — even if that person is within your own organization or “trusted” network. As work from anywhere becomes the new normal and organizations migrate their data and activities to the cloud, IBM Security is providing zero trust blueprints that will help companies address growing fragmentation and complexity challenges. This open approach and overall strategy will enable companies to securely manage and integrate hybrid applications, including blockchain, as they go through their digital transformation journey, according to Matthew Glitzer, VP, IBM Integrated Security Business, Asia Pacific.

“There’s a place for blockchain. These are hybrid models, and certainly the ability of blockchain is a critical element of trust, and I think that will essentially be part of the zero trust approach as blockchain and the business and commercial applications of blockchain become more widely adopted. But I think for anyone going on a journey, I think it has to consider blockchain, but it’s part of an overall strategy, not necessarily just the central piece,” Glitzer said in response to my question.

Beyond technology solutions

Matthew Glitzer, VP, IBM Integrated Security Business, Asia Pacific, emphasizes that zero trust is an open approach. Image credit: IBM

Glitzer was responding to my question about blockchain's appeal as a trustless system. Trust in blockchain is built into the technology itself, and it also provides transparency. So while the technology may be different, and zero trust is a framework rather than just a set of technology solutions, these two trends seem to be driven by the same need: to reduce reliance on trust in individuals and institutions, and to verify all transactions instead.

“The zero trust conversation is one that transcends technologies and is something that connects with both the board and the technical people who are having to bring these solutions together. I think there’s a lot of exciting innovation to be done in this area [blockchain], but the fundamental principle of this is all of those systems, whether you’re working from home, or whether your data is residing in a cloud environment, or your applications are running elsewhere, we’re now starting to wrap this context around all of our decision making so that we can enable better security at lower cost and more agile applications across the board,” said Chris Hockings, CTO, IBM Security, Australia and New Zealand.

Change in mindset

The core principles of zero trust are:

  • least privilege access
  • never trust, always verify
  • assume breach

This admittedly requires a change in mindset, particularly since for years we have become used to trusting individuals if they are within our organization. I’m sure many of us have learned the hard way that the accounts of our trusted contacts may become compromised, and that insiders can also be responsible for security breaches.

In fact, as we reported last year, compromised employee accounts are the most expensive root cause of data breaches. Among the zero trust blueprints that IBM Security provides is one that addresses this rise in insider threats.

IBM Security also cited an ESG study showing that “45 percent of organizations who were more mature in their zero trust strategies had a very smooth transition to employees working from home, as compared to only 8 percent of those that were the least mature”.

So, who can you trust? In an increasingly fragmented and complex work environment, the answer is: no one.

And we don’t have to say sorry for that.
