HomeNewsReaping the Benefits of Zero Trust

Reaping the Benefits of Zero Trust

Reader's Pick

The advent of emerging technologies such as robotic process automation, artificial intelligence, and blockchain, as well as heightened security concerns due to the pandemic, bring new cybersecurity risks and challenges.

This evolving technology landscape has made it even more imperative for organizations to better manage cybersecurity risks and become security resilient, and many are turning to a Zero Trust approach to do this.

What is Zero Trust?

According to the National Institute of Standards and Technology (NIST), Zero Trust (ZT) refers to an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.

- Advertisement -

A Zero Trust architecture (ZTA) uses Zero Trust principles to plan industrial and enterprise infrastructure and workflows. Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership.

Zero Trust is not a tool or a new technology, but a strategic architectural concept, and should be aligned with business objectives.

Why does Zero Trust matter to an organization?

The primary goal of a solid Zero Trust strategy is to extend the control plane from the internal secure assets of the environment as far outward as possible. ZTA is all about “verify, and then trust.”

- Advertisement -

The COVID-19 pandemic has resulted in many organizations shifting to remote working due to the safety risk and government guidelines, like city lockdowns.

As a result, it has impacted nearly every organization’s cybersecurity strategy. This obviously has posed an external issue for cybersecurity leaders on how they could trust personal devices and home networks to be secured in line with the organization’s security policies and procedures.

In many cases, it has become necessary for cybersecurity leaders to consider implementing controls without trusting the resources in the interest of maintaining business continuity. However, many organizations are now reassessing these practices and transitioning where possible to a Zero Trust approach.

Implementing Zero Trust

The newly released ISO / IEC 27002:2022 Information security, cybersecurity and privacy protection – Information security controls standard provides guidance on implementing Zero Trust principles that organizations can consider, such as:

• Assuming the organization’s information systems are already breached and thus not reliant on network perimeter security alone.

• Employing a “never trust and always verify” approach for access to information systems.

- Advertisement -

• Ensuring that requests to information systems are encrypted end-to-end.

• Verifying each request to an information system as if it originated from an open, external network, even if these requests originated internally to the organization.

• Using “least privilege” and dynamic access control techniques. (e.g., authentication information, user identities, data about the user endpoint device, and data classification).

• Always authenticating requesters and always validating authorization requests to information systems based on information (e.g., enforcing strong multi-factor authentication).

Why are boardrooms supporting Identity and Zero-Trust initiatives?

Like any security initiative, Zero Trust requires commitment from the board. Zero Trust should involve the board, the chief information security officer, and other leaders to determine priorities and ensure that they will be effectively implemented across the organization.

In general, boardrooms tend to trust insiders, that is, authorized users, rather than outsiders. However, Zero Trust begins with not differentiating insiders and outsiders. An organization’s existing controls may not suffice to address new cybersecurity risks and it may need to implement additional and/or new controls.

Zero Trust is built on the premise that trust cannot be granted forever and needs to be evaluated on a continual basis. Today, many boardrooms are already driving the change and supporting identity and ZT.

Many boardrooms are convinced of the value of ZT after realizing these business benefits:

• Reduction in overall cost and expenditures.

• Reduction in the scope of requirements for compliance related to cybersecurity, as it entails accurately mapping assets, inventories, and data, which decreases the risk of unauthorized access.

• Greater control in the cloud environment through authorized workloads.

• Lower breach potential through verified and approved communications.

• Lower compliance risk.

• Business agility and speed.

• More streamlined user experience, allowing users to be less encumbered by security as part of their daily job.


In summary, achieving Zero Trust does not require the adoption of any new technologies. It’s simply a new approach to cybersecurity to “never trust, always verify,” or to eliminate any and all trust, as opposed to the more traditional perimeter-based security approach that assumes user identities have not been compromised, and all human actors are responsible and can be trusted.

Zero Trust does not eliminate trust completely but uses technologies to enforce the principle that no user and no resource has access until it has been proven it can and should be trusted—and in the process, strengthen cybersecurity defenses.


Stay on top of Budget 2023 with our newsletter

We don’t spam! Read our privacy policy for more info.


Stay on top of Budget 2023 with our newsletter

We don’t spam! Read our privacy policy for more info.

- Advertisement -

Read latest Business News and Startup news on TechGraph. Watch live and latest news on TechGraph TV. Follow us on Facebook or follow us on Twitter and Instagram. Listen audio news from TechGraph Briefings on Spotify, Google Podcast, Amazon Music & on Apple Podcast.

Chetan Anand
Chetan Anand
Chetan Anand is Associate Vice President of Information Security and CISO at Profinch Solutions.

Latest News

Promoted Links

Related Stories

Japan approves 26 trillion yen as economic stimulus package to combat overseas risks

Japan's cabinet approved an economic stimulus package worth 26 trillion yen ($2...

1Win App: Review India Apk for Android and iOS

The company 1Win has been successfully operating in the markets of many countri...

Sino-US trade war offers Europe’s chance to bank more Chinese reserves: Analysis

Should European countries want the euro to replace the dollar as the world's do...

Employees union seeks FIR against Jet Airways boss Naresh Goyal, Vinay Dube and on SBI Chairman

The employee union of Jet Airways, which is facing its worst crisis, Friday sou...

Samsung Electronics asks its shareholders to use electronic voting for upcoming AGM

Technology giant Samsung Electronics has adopted electronic voting for the firs...

Rahul Gandhi hits on RCEP says, ‘Make in India’ has become ‘Buy from China’

Asserting that "Make in India" has become "Buy from China," Congress leader Rah...

NASA astronauts to carry first ever all-female spacewalk on 29 March

Two NASA astronauts are scheduled to carry out the first ever all-female spacew...

Union Budget 2023: Five Major Changes to the Personal Income Tax Regime

In a major announcement on income tax changes, the government has revealed five...

Business Technology Strategies to Help You Survive a Recession

There's no doubt about it – we're amidst a recession. And while that may mean c...

What Jammu & Kashmir, Ladakh, Northeast & Agritech got from Budget 2023?

Addressing the parliament on the ongoing union budget session, Finance Minister...