As organisations step up war on cybercrimes, a new model is promising to give businesses a huge boost as they seek to secure their operations from online fraudsters.
The new model, dubbed Zero Trust is the brainchild of cyber-security expert John Kindervag of Forrester Research in North America. The model works on the assumption that any connection, endpoint or user, is a threat and that a network ought to be adequately resilient against all threats, whether external or internal.
While the concept was originally born in 2010, it is now that a rising number of businesses are using it as cyber-attacks become more frequent and vicious.
Anthony Muiyuro, an associate director of cyber-security and privacy at KPMG East Africa, says the model requires all users, whether in or outside the organisation’s network, to be authenticated, authorised and continuously validated for security configuration and posture before being granted access to data.
“Zero Trust is a strategic approach to cyber-security that secures an organisation by eliminating implicit trust and continuously validating every stage of a digital interaction. Rooted in the principle of ‘never trust, always verify’, Zero Trust is designed to protect modern environments and enable digital transformation by using strong authentication methods,” says Muiyuro.
Official data shows that external hackers can breach around 93 percent of company networks while 44 percent of executives think their security isn’t keeping up with the fast-paced digital transformation being witnessed globally.
In Kenya, an increasingly digitised economy deepened by high penetration of electronic devices has made the country highly prone to online fraud, with banks bearing the brunt of the attacks and losing hundreds of millions annually.
In the year ended June 2022, the country recorded over 200 million cases of malware attacks which accounted for the majority of cyber hacks, with the most prevalent being Ransomware.
A Statista global survey shows that around 72 percent of organisations have plans to adopt the framework while 42 percent have already started.
By 2026, the global Zero Trust market is projected to hit over $50 billion (Sh6.1 trillion), driven mainly by the frequency of targeted cyber-attacks, information security standards as well as renewed efforts by governments to enact data protection regulations.
During the Covid-19 pandemic, the adoption of Zero Trust model became more rapid as firms made a shift from the traditional reliance on virtual place networks (VPNs).
Zero Trust, according to Dimension Data East Africa technical solutions architect Lloyd Oandah, makes it hard for anyone to cheat as it eliminates nearly all possible breach gaps and can also be customised to fit within the parameters and needs of an organisation.
“Zero Trust is a strategic approach to security that focuses on eliminating the concepts of implicit trust, consistently validating every individual and every point of access and at every point of digital interaction,” says Oandah.
“Its value is inherently in its ability to support organisations undergoing digital transformation initiatives and investments by mitigating risk and enhancing their cyber-security posture,” he adds.
Experts say that the model allows for businesses to constantly ensure and establish trust for every entity accessing its assets regardless of location or time. By adopting a mechanism of constant verification and trust in real-time, a business is reassured that anyone interacting with its data has been checked and approved.
In an opinion, technology writer Gilad Maayan says that the Zero Trust framework auto generates protection mechanisms once it detects threats and thus is the perfect fit solution for arresting breach attempts before they go through.
“Unlike traditional security paradigms that defend the inside of a network against external threats, the Zero Trust security model protects against both internal and external threats. By assuming what’s inside the network is untrustworthy, the model can apply protections that prevent cyber criminals from exploiting endpoints to breach the network,” writes Maayan.
Muiyuro notes that the biggest challenge to the adoption Zero Trust model is the complexity in implementation.
“The fact that every user, device, and application must be authenticated and authorized adds an extra layer of complexity — particularly for organizations with a large number of users,” he says. “The best way to overcome this challenge is to have a well-defined Zero Trust strategy and roadmap that will guide this implementation layer after layer.”
On the cost implication of shifting from existing solutions to Zero Trust, Muiyuro says the huge chunk of resources would be consumed during redesigning of security controls to fit into the envisioned organisational model. He is, however, quick to note that the benefits of implementing Zero Trust will by far outweigh the implementation cost.