ZTA and Intelligent Transformation in Cybersecurity
Nima Baiati
Executive Director/GM, Cybersecurity Solutions | Award Winning Cybersecurity Executive | AI | P&L Owner | Innovation Leader | Venture Advisor | M&A
Goodbye Castle of Trust
Zero Trust Architecture (ZTA) is a security framework enterprises and organisations are implementing to replace the traditional approach of implicitly trusting users and applications within a network. ZTA operates under the assumption that user trust and access to the network need to be validated and access requires continuous review and attestation.
To put it another way, the old model of implicit trust is like a castle guarded by a moat and walls (firewalls and passwords or other credentials); it primarily relies on perimeter defence. Once you’re allowed in the castle, you’re given broad access to most of its rooms (servers, data, etc.). ZTA, on the other hand, is more akin to having the moat and walls, but also locking every single door in the castle (closets, cupboards, bathrooms, kitchen… everything!). No one in the castle is trusted, not even the royal family.
This paradigm shift, along with the growing applications of machine learning and GenAI, is perhaps now the most significant trend in the intelligent transformation of cybersecurity. The shift has been a long time coming, and there has been incremental movement towards it over the last decade or more. But the global Covid pandemic accelerated the transformation, just like it did with many other trends.
The benefits of ZTA are numerous, and obvious to those of us working in the security profession. ZTA reduces privilege escalation risk, meaning it helps mitigate damage even if attackers do get over the perimeter defence. At the same time, it also defends against other internal threats, like employees who make security mistakes and allow attackers inside through social engineering tactics. It also protects the enterprise from employees with an axe to grind who are looking to do damage.
ZTA is also a more suitable defence posture in today’s world of hybrid work. Once upon a time, most employees worked on premises most of the time. Their devices and data were behind the moat and walls and were easier to defend. That is no longer the case. Now the average knowledge worker is getting things done 24/7 on laptops and mobile phones at home, in a coffee shop or airport lounge, or even at the beach when they really should be spending more time with the family (“I love you honey, just one more email. I promise!”). And they are not just connecting to their employer’s data centres protected by their own corporate security protocols, but also to public clouds to leverage third-party applications, including LLMs.
There are other benefits to ZTA too. It simplifies network architecture, reducing complexity and streamlining security. In addition, it includes continuous network monitoring at a granular level and enables quick or more nimble responses to security incidents.
ZTA is now what most enterprises and organisations want, but if it were easy to achieve, everyone would have it successfully deployed already.
A Challenging Journey You Need Not Take Alone
ZTA is a journey, not a destination. There are no out-of-the-box solutions or quick fixes to get us there. In fact, according to Gartner, over 50% of organisations implementing ZTA will fail to realise the benefits, and just 10% of large enterprises will have a “mature and measurable” ZTA program by 2026.
Why is it so hard? To extend the castle metaphor a little further, imagine the captain of the guard (the CISO) telling the royal family and other residents in the castle they all need special keys to get into rooms, and they won’t be given keys to every room no matter what. There’d be lots of complaining, posturing, and even outright non-compliance. The same is true in the enterprise.
Migrating from a traditional security model to ZTA involves significant changes in network design, access controls, user behaviour, and corporate culture. Staff accustomed to seamless access will likely find ZTA’s multi-factor authentication and context-based checks an annoying burden at first. And integrating ZTA with legacy systems can be complex. For example, defining precise access policies requires a thorough understanding of the organisation’s assets, user roles, and data flows.
You can imagine the arguments and negotiations that occur at the C-suite, and just below, about who should have rights to which data, who grants those rights, how it’s implemented, and how the tools and protocols are going to be funded. The politics and intrigue of the “need to know” parameters in compartmentalised security are well-trodden territory for spy novels and movies. It’s a similar situation in the enterprise, but the story is less interesting, and the protagonists aren’t as good-looking.
The good news is the CISO, and his team, aren’t alone in this journey. Choosing the right ZTA solutions and vendors can be overwhelming, but there are many options. At Lenovo, we are trying to make it easier for customers as they move to ZTA.
First, we start with supply chain assurance. Because even if you lock all the doors in the castle, you also need to search everyone and everything before they enter it. Lenovo’s supply chain assurance provides a mechanism to detect when changes to hardware have been made between the factory and the end customer. Through a documented, auditable supply chain security program, all purchases are traceable at the component and system level. Customers receive statements of conformance to guarantee authenticity of the systems, and Lenovo’s ongoing quarterly compliance and security assessments hold suppliers to strict adherence standards.
Another way we support migration to ZTA is through Lenovo’s ThinkShield portfolio of cybersecurity solutions and partnerships with world-class security providers to defend against threats. For example, to achieve enhanced hardware defence, we partnered with Sepio to enable workstations and servers to autonomously defend themselves in real-time. Sepio's novel approach to hardware security uses physical layer information to analyse every device's true identity, enabling Zero Trust Hardware Access by objectively identifying every hardware asset, marking it with its respective risk score, and enforcing granular hardware access control rules.
SentinelOne is another example of how we work with the best of the best. Lenovo customers now have the ability to purchase devices with SentinelOne, delivering real-time prevention, active endpoint detection and response, as well as cloud workload protection powered by patented behavioural AI.
The intelligent transformations occurring within the enterprise are challenging journeys, and ZTA is no exception. But the journey is worth it. Once implemented, ZTA provides a more robust security posture with a reduced threat surface and more agile responses. In short, it offers much more security for today’s corporations propelling their businesses on tsunamis of data with workers who are rarely, if ever, on-prem.
If you haven’t already found a trusted partner and guide to help you navigate your ZTA journey, I suggest you find one fast.
CISO | Protecting Sensitive Data for the Midmarket | Passionate about Cybersecurity | Artificial Intelligence Pioneer | ZeroTrust Advocate
5 months ago
Some people equate #ZTNA with hierarchical #vpn switching, which has no real resemblance to #ZTNA. VPNs are highly vulnerable and difficult to embed identities into the inner workings. I love this post because it lays bare the flawed thinking about what I call #MZTNA or Mock ZTNA. MZTNA is a trained chicken in a duck costume with an MP3 player - it might walk like a duck, and sound like one also, but it’s still a mockery of a duck!
Nima Baiati great analogy of relying on castle/moat vs locking the rooms/cupboard… Look forward to your leadership with Lenovo partners in their security journey!
Zero Trust Facilitator Speaker ZTX|ITIL|xBTGlobal|xIBM|xMicrosoft|xBMC Founder/ CEO Chief Excitement Officer| Mentor | Vendor Agnostic
5 months ago
I question some of your stats around successful implementations, as I have consulted with many CISOs and success rate is much higher than you indicate. Zero Trust is a strategy; it is not a one-size-fits-all black cocktail dress. The journey does not have an end destination, nor do the adversaries. It is not a product; that’s what marketing does to whet the appetite of the consumer. If you want the best advice, seek a vendor-agnostic consultant who cares about your business and the people who work there.
Great post! Zero trust is a powerful tool that more organizations should employ. Lenovo ThinkShield Data Defense provides zero-trust access control for endpoint data. It prevents data attacks - including ransomware - from compromising encrypted data that remains protected. The end user experiences minimal disruption with integration to leading IAM and AI to optimize experience without sacrificing protection. Learn more at https://www.lenovo.com/us/en/software/cigent