The road to Zero Trust not necessarily paved with gold

Issue 5 2023 Editor's Choice, Access Control & Identity Management, Information Security

As discussed in my first article in this series, whilst Zero Trust must be the goal, there are a few potholes to navigate on the journey. Let me expand slightly more on these caveats, but also expose the greatest ally of Zero Trust.


Paul Meyer.

Peer to peer (P2P) technologies – prevalent in the late 1990s and very popular at that time – present another challenge in the road to Zero Trust.  These technologies were widely used across enterprise workforces and are known to be inadvertently capable of counteracting the principles of Zero Trust, particularly in Windows 10. Unless stringent Windows update sharing configurations are in place, P2P settings in this environment can inadvertently enable unauthorised lateral movement, exposing sensitive data.

Another potential weak point for Zero Trust implementations is the adoption of mesh network technology, where the trust model is built on keys or passwords and thus lacking the dynamic authentication necessary for robust Zero Trust setups.  Relying entirely on keys or passwords for access has been proven to be unsuccessful – all one has to do is to look at recent high profile breaches that highlight the hazards of this approach. Such protocols can easily be exploited by today’s highly tech savvy cyber criminals who appear to gain unrestricted access to sensitive resources with ease.

The ever expanding attack surface

Above are just some of the stumbling blocks to the implementation of Zero Trust, and if one adds the endpoint explosion through the internet of everything, the challenges are exponentially multiplied. For example, IoT is a major consideration for industries that already use a huge number of connected devices in their daily environments, as well as industries where this change is imminent.

There is not enough scope in this article to continue ad nauseam to outline the hurdles, and yet reveal how all can be conquered. But before I move to the positive, I must briefly touch on the all-important matter of regulatory compliance. New requirements are constantly emerging as legislators  struggle to keep pace with the latest trends and technologies, but the bottom line is that enterprises must also keep pace or risk the consequences of cyber breaches, namely reputational damage, hefty fines and operational downtime.

If, in reading this you are throwing your hands in the air and wondering just how much more difficult implementing Zero Trust can be, let me relieve some anxiety by noting that organisations tackling endpoint explosion can look to the cloud as a Zero Trust ally. Critical data can be taken off the endpoint and put in the cloud, making it impossible for cyber criminals who cannot get information from the endpoint if it is not there in the first place.

Connecting to the cloud can provide better protection and visibility into traffic as it replaces connecting to head office, for example for remote employees. Zero Trust can be enforced through the cloud without inserting a firewall in front of every resource. This approach reduces the opportunity for attack as it simplifies the architecture.

The only certainty is change

Just as technology constantly changes, cybersecurity also continually evolves. The sophistication of technology change keeps pace with that of cyber threats, with risk escalating in step with the amount of data requiring protection. As you are no doubt aware, we are creating more information than we ever have before, and conversely, less than we will in the future. This is where the cloud comes into the picture again.

The consumer space well and truly embraced the cloud, using it to store data about their entire lives – including their most sensitive personal information. Although businesses have been somewhat slower to adjust, there are changes in this pattern as companies are seen to be adopting the cloud en masse with 94% of enterprises utilising at least one cloud service and an estimated 83% of all enterprise workloads said to be in the cloud.

So, while the cloud has disrupted traditional cybersecurity, it has great ability to enable Zero Trust security in the era of information overload. It is only in the cloud that big data and analytics can be leveraged over huge networks of endpoints to predict and manage threats in real time. Only the cloud can be updated effortlessly and automatically with the latest security upgrades, keeping it a step ahead.  The more pervasive cloud becomes, the better it can mobilise to confront threats as soon as they emerge.

In conclusion

The path to Zero Trust is challenging, but with a clear vision, strong partnerships, and a commitment to security excellence, organisations can fortify defences against the relentless tide of cyber threats. To do this, businesses must embrace cutting-edge solutions that align seamlessly with their changing security needs, enabling them to remain resilient in the face of ever-evolving cybersecurity threats.

Paul Meyer is a Security Solutions Executive at iOCO Tech. He has over two decades of experience in IT Security technology covering application, identity, perimeter and endpoint security. He commenced his career as a Security Engineer Team Lead and has held senior positions with multiple security vendors and ICT service providers in South Africa.

In May 2022, Paul was appointed to the role of Security Solutions Executive at iOCO, where he is responsible for identifying, learning and bringing security solutions to market. The role is strongly focused on technically supporting the sales process and managing vendor relations.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Here’s to a SMART 2025
SMART Security Solutions Editor's Choice News & Events
This is the final news brief from SMART Security Solutions for 2024, and the teams would like to take this opportunity to thank our readers, advertisers and partners and wish everyone a safe and secure festive season.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
Gallagher Security opens Cape Town office
Gallagher News & Events Access Control & Identity Management
Acknowledging a significant period of growth for the company in South Africa, opening a second office will enable Gallagher to increase its presence across the region with staff based in Johannesburg and Cape Town.

Read more...
SA company develops world-first safe K9 training for drug detection
Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...
AI-powered automation for an operational efficiency edge
Editor's Choice AI & Data Analytics IoT & Automation
In the fast-moving world of digital transformation, businesses are under immense pressure to accelerate their operations and adapt quickly to stay competitive in an era dominated by AI and technological advancements.

Read more...
2025 Southern Africa OSPAs entries now open
Technews Publishing Editor's Choice News & Events Training & Education
Entries are now open for the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs). The OSPAs are designed to be both independent and inclusive, providing an opportunity for outstanding performers, to be recognised and their success to be celebrated.

Read more...
Elvey to distribute Tiandy
Elvey Security Technologies Editor's Choice Surveillance News & Events
Tiandy’s presence in South Africa was boosted in November with the announcement that Elvey Security Technologies will distribute a broad range of Tiandy equipment through its channel partners and provide project assistance.

Read more...
Glovent’s SOS Suite triple protects estate residents
News & Events Access Control & Identity Management Residential Estate (Industry)
One hundred and fifty-three years since the world’s first panic button was introduced in New York City, Glovent offers estate residents three different ways of summoning emergency assistance at the touch of a button.

Read more...
Suprema showcases enterprise security at Integrate 360
Suprema News & Events Access Control & Identity Management
Since 2006, neaMetrics, Suprema’s distributor in Africa, has worked closely with Gallagher, building a robust partnership resulting in seamless integration between Suprema’s advanced biometric readers and Gallagher’s security management platform.

Read more...