Never trust, always verify: Zero Trust and digital transformation
Security · Nov 26, 2020
A quick search of “Zero Trust” brings up a long list of articles, websites, infographics and more, detailing different takes on the concept. This reveals a simple truth - despite Zero Trust being around for a decade, there are many interpretations out there, leaving organizations unsure which is most applicable to them or how to effectively incorporate it into their digital transformation journey.
So, what is Zero Trust?
At its core, Zero Trust involves a fundamental shift in perspective. Instead of relying on a traditional perimeter security approach, where automatic trust or access is granted to those within the network perimeter, Zero Trust shifts how access is managed both inside and outside your network. Based on the philosophy, “Never trust, always verify”, the framework removes the concept of implicit trust and leverages the idea that anything or anyone attempting to access your systems must be verified. To frame it another way, “Trust is merely a human emotion we’ve injected into digital systems for absolutely no reason. In like a lot of things, our emotions get in the way and it shouldn’t get in the way of doing proper security.” - John Kindervag, Palo Alto Networks Field CTO and creator of Zero Trust.
And it’s relevant now more than ever; business needs are changing in new ways and at a faster pace. The attack surface has expanded in step with the increase of endpoints. Protecting data has become more complex as digital transformation progresses. All this as the threat landscape continues to grow more sophisticated. To realistically manage all these changes means organizations have to think beyond simply securing the perimeter. Enter Zero Trust - a framework that can help meet your security needs today and into the future.
What does this mean for your network? Zero Trust may sound promising, but it also sounds complex. How realistic is it to apply in the real world? How would you even know where to begin?
Be realistic: meaningful change won’t happen overnight
“TELUS is a large organization so I can’t turn around tomorrow and say, ‘Here is Zero Trust. It’s on, TELUS. Done, we’ve got it all covered’, right?... I think a better way, if you want to phase it in, is to do it on a per project basis… if you’ve got a new initiative, build it into the new initiative from (the) start and that’s a great way to start.”
- Marc Kneppers, TELUS Fellow and Chief Security Architect
The good news: Zero Trust doesn’t have to be complex
“(Zero trust) has evolved because the technologies themselves have evolved. The concepts were strategic so Zero Trust itself didn’t have to evolve, there just became better and better technologies to deploy it. And that’s been exciting to me to watch; it is much easier to do, much more automated, less manual effort and more integration at a platform level so it works systemically...”
- John Kindervag, Palo Alto Networks Field CTO and creator of Zero Trust
Looking to learn more about Zero Trust? Check out our webinar.
Webinar: Never trust, always verify: Zero Trust and digital transformation.
To help answer some of the most commonly asked questions and share insights from our own Zero Trust journey, TELUS held this informational webinar in partnership with Palo Alto Networks. During this session you’ll gain insights from the experts, Marc Kneppers and John Kindervag.
In this session, you will learn more about:
How the Zero Trust framework evolved over time,
The fundamentals and key components of a Zero Trust framework,
Where to start when planning and implementing a Zero Trust strategy, and,
Lessons TELUS has learned during our implementation of the Zero Trust model.