Guest blog: Martin Borrett, CTO IBM Security EMEA and Jason Keenaghan, Zero Trust Strategy Leader WW as part of our #Cyber2021 week.
Trust. This isn’t a new concept. Many organizations – IBM included – talk about trust in the value statements we share with the world. Our customers demand it. Our reputation relies on it. It’s essential to everything we do.
All of our businesses strive to build reputations of being a ‘trusted partner’ or ‘trusted supplier.’ We do this:
By developing quality products that deliver valued outcomes to our customers and by delivering them reliably, however and whenever they are needed.
By closely guarding the data and personal information for every user within our business ecosystem – from employees to customers.
By striving to be transparent when things go wrong. By putting our hands up, being accountable and working quickly to rectify any mistakes.
And while these, among other elements, dictate how a business builds trust, good cybersecurity is how you retain that trust. When cybersecurity is integrated into every aspect of the business, it becomes part of the daily actions and routines for you and every user in the organization’s ecosystem. It’s embedded into every operation, infused into every policy and wrapped around every transaction.
But to do this right, we must change the way we think about and implement cybersecurity. Zero trust offers a better way to address the complexity in security that is challenging our businesses today.
The philosophy behind a zero trust approach is simple: Nothing is trusted. Each user, each device, and each connection into your business must be continuously authenticated, authorized and repeatedly verified.
While the definition of zero trust may be simple, executing this strategy can be incredibly complex. Numerous security tools must work together to make zero trust a reality. Different teams must communicate and agree on priorities and policies to make security consistent and effective. Information from every security discipline must be combined to inform access decisions that can be enforced quickly and to make threat response faster.
Zero trust is a journey. Where you start or where you go next is not the same for everyone. That decision is tightly connected with what you are trying to achieve – not just as a cybersecurity program, but as a business. While we have seen many organizations progress their zero-trust journey by focusing on a specific security domain, for example Identity or Network, or by implementing a specific security technology like Zero Trust Network Access (ZTNA), those clients that are most successful, and that will realize a faster return on their investment, are aligning their zero trust initiatives with their top business initiatives. While by no means an exhaustive list, there are four initiatives that will benefit greatly from taking a zero trust approach:
Securing the remote workforce
Protecting the hybrid cloud
Preserving customer privacy
Reducing the risk of insider threat
Each of these initiatives has clear business outcomes associated with it. In order to be successful, each requires strong, integrated, multi-domain security capabilities. By applying the zero trust principles of least privilege; never trust, always verify; and assume breach, you can: build a workforce that securely connects and works from anywhere, on any device, accessing data on any infrastructure; migrate operations to the cloud with confidence, with integrated security controls and visibility across environments; deliver dynamic customer experiences grounded in privacy and security; and reduce business disruption by responding to attacks quickly with a targeted approach.
While tools and products can help enable zero trust, they alone are not the answer. In many cases, you may already have the right building blocks in your environment to work from. Focus on the outcomes you are trying to achieve. Assess what you have available to you in your environment. Where there are gaps identified, look for a solution that can integrate seamlessly into your existing toolset. And build a deployment roadmap that starts small and iteratively builds on your foundation.
Growing and supporting a business that is built on a reputation of trust starts with a cybersecurity program that is built on zero trust. When the time comes for you to tackle the challenge of another business initiative, you will find that you are already well on your way, because you were taking a zero-trust approach from the start.