This new series is the first ever to teach IT architects how to adopt Zero Trust
Where it all began
I spent the first 25+ years of my career running global architecture teams for large multinational companies. I collaborated with and learned from my peers at some of the largest Fortune 2,000 companies in the world. We designed and implemented an architecture that enabled our businesses to transform. Security was but over the years it has become more critical as the infrastructure and data have evolved.
At the start of my career, ‘security’ just meant locking the door when it was time to leave the office. There was no such thing as usernames or passwords, and the largest network consisted of the users’ computers that required access to the corporate ERP system. Everyone had a desktop computer and only worked in an office.
Then came the Internet and email. People needed their own usernames so that they could get email (although passwords were still blank) and the network grew to facilitate this. To keep things secure you purchased a firewall and created that castle and moat we have all become so familiar with. Everyone on the network was fully trusted and could essentially flow seamlessly across the environment.
As time moved on the amount of data companies owned and stored grew, as did the number of applications and servers needed to run the business. People began to realize that this data had value and that if it got into the wrong hands, it would be bad. Security started to become more important. Things like virus protection software that was previously very basic became more enhanced, firewalls became more intelligent, and we added solutions such as IPS/IDS and email scanning. As the business grew, the networks grew huge and were still fully trusting everyone and everything on them. In some cases, we tried to break networks into smaller chunks, but this more often than not created problems so the internal networks were just left wide open.
Then came the cloud. Systems that had previously been only available on the corporate network became available in the cloud. This was supposed to make it simpler for people. We would no longer need to feed and water the on-premises systems and replace hardware that was costly and came with risk. This meant at first, very few companies adopted the cloud. It was relatively expensive and difficult to configure, there was a lack of skills, and it meant that the data and applications would be further from the users than ever. People were also concerned about security, after all, they had spent many years creating systems to protect that castle and moat design.
Then came COVID. The pandemic changed everything. All the users across the world who could work from home did. They got up from their desks and went home. Their office was now their dinner table, their garage, or their bedroom. All those companies who had adopted the cloud were now far better off. Those that hadn’t looked around and realized they needed to adapt, and they did. However, security was now at the back of people’s minds. Keeping the company functioning operationally was the most important thing. People adopted the cloud but forget about their wide-open networks.
IT and security teams now have a significant issue. The network and security systems of the past no longer fit for purpose. The castle and moat architecture doesn’t meet our new world’s needs. We cannot just trust everyone that’s on our network whether they are an employee or not. Today’s networks are big, difficult to protect, prone to failure, and expensive to manage. Things need to change.
Insider threat is now known to be the biggest threat a company is likely to face. Statistics show that in 2021 60% of all data breaches were caused by insider threats and 61% of companies had experienced an insider attack. Top insider threat actors include managers, contractors, and third parties—those people we all allow on the network without question.
The role of the IT architect in enabling Zero Trust
Since the pandemic, the term zero trust is one that every architect would have heard. It’s everywhere. However, I have found that every cyber vendor has started to badge their product as ‘zero trust’ which has led to a lot of confusion. Even if you look hard, it is very difficult to find out the real meaning of zero trust. This has made it difficult for us architects to select the best products for our businesses and to understand how we can move away from that legacy castle and moat design.
Since joining Axis, I have often been asked questions about zero trust and what it means to an architect like me. I get asked questions like what is zero trust? What is SASE? What is SSE? How do these technologies apply to me? Will these technologies help make my life and the life of the users easier? How do they help us become more secure? How do they fit in today’s world? Will they help me protect my business from things like ransomware, insider threats, and data leakage?
Questions like these seem to be top of mind for many security and network leaders in the world we live in today. So, to try and help my fellow architects, I’ve decided to create a series in the hope that I can help by answering some of these questions.
The world’s first series on zero trust designed for IT architects, by an architect
Dubbed “The Zero Trust Architect”, this new video series provides a platform to discuss zero trust from the architect’s vantage point. I will dig deep into the history of where zero trust started and why, and explain what it means for cloud, security, and network architects.
This Zero Trust Architect series will outline top use cases seen throughout my career, and how a zero-trust approach can help you. Together we will look at how you can bring a zero-trust approach into your architectural plans to support digital transformation. We’ll zoom in on how to keep employees, and partners, off the network, and remove the default trust that inherently exists in the legacy castle and moat designs. We will explore the most significant risks that threaten remote work and third-party access, focusing on keeping your environments secure and protecting against things like insider threats and ransomware, and best practices and considerations along the way.
The only question now is, are you ready to become a zero trust architect?
Start by watching the first two videos of the Zero Trust Architect series.