The Drive for Zero Trust Security in a Global Pandemic
Guest blog: Dr David Robinson from Atkins as part of our #Cyber2021 week.
Exposing IT to Zero Trust
The Covid-19 pandemic has disrupted the traditional model of IT, forcing a move to remote working on an unprecedented scale. This is the reaction to what was termed the ‘new normal’ as a sudden unexpected step change to the way IT service in support of the business are provided. The trouble is the new normal has not been stable and further changes are likely. As a result of businesses’ adapting through flexible working it has become apparent that there are advantages to working this way. Consequently, there is no longer the same appetite to return to what many see as a dated way of working.
For IT systems, the new working environment should be considered as a move towards distributed working rather than remote working. There should be a mix of onsite and offsite collaboration through not only the provision of VPNs but through collaboration tools and digitisation of business functions. The IT infrastructure needs to be resilient to shock and segmentation. It needs to be agile and intrinsically future proof. It needs to be federated and coherent. But it also needs to be trusted.
There is then a mix of devices, potentially of mixed ownership, increasing in number as the business expands with reduced control of their state and where they are. The users are remote and work in a different way. Therefore, the users can be exposed to new risks, the devices may operate in a riskier environment, and there is less knowledge or control over the networks the users are using or where they are used. Even worse, the users are switching between home working to office working dynamically and they may be switching between networks as well.
The drive to Zero Trust though human factors and agile working
The commute has gone, for some but not for all. Work is now more dynamic with a mix of home working and office or factory working with social distancing in place. For some the change is more static finding oneself permanently at home or permanently at work. For others it is a mixture. For all, nothing about this is permanent. And that is the point. The psychological impact of this should not be underestimated.
This presents new challenges to the way people are managed and supported as well as new challenges to the individuals to be flexible and resilient. Support networks need to be in place and agile working must be embraced. The new routine becomes that of accepting the change and further change. Of being more “mobile” and getting used to using mobile technology to work remotely as well as onsite. Embracing the new norm of distributed working.
Devices may be lost or stolen, users are more likely to make a mistake when changing from home to work activities and could let in a virus, protecting data assets is more challenging because they don’t stay in one place. The psychological impact of the pandemic can mean that the user could be considered more vulnerable to a social engineering or phishing attack. The users’ new demands call for security that can be relied upon but at the same time is transparent and not dependent on the users to work.
Business structure and digitisation, the new Zero Trust landscape
With the evolution of computing the dream was to move away from the need for paper. Now the reality is the need to move away from the dependency on the office. Business functions have been progressively digitised over the years and now the digitisation must become more comprehensive as well as adaptable. The relationship between the structure of the business and that of the IT that supports it should be better aligned. So, the business structure should be agile and federated too but at the same time able to accommodate business functions that must be ‘onsite’. A holistic enterprise level review in the new environment becomes necessary as ad-hoc changes are made to survive. These need to be consolidated and embraced towards more resilient, agile and distributed business structure adopting the leading IT technologies, collaborative tools and digitisation of the business functions.
Components of the business become Zero Trust and not just the devices or even the users. Changes in the business landscape changes the threat surface. It is harder to architect the business for business continuity as different parts of the business are exposed to different levels of risk. For example, the information assets for different parts of the business carry different values. Embracing new tech solutions can introduces more vulnerabilities. Changes to the business structure and its digitisation introduces the potential for further security risks. Welcome to the dawn of Zero Trust as a security philosophy and an approach to the delivery of secure solutions.
Solutions for zero trust security
There are several practical steps organisations might take in adopting a ‘Zero Trust’ Architecture. These need to be holistic in nature and address the governance, process, human and technological aspects. A few of these are presented below:
Understand the environment to assess controls and depth of defence
Establish a trust model and review regularly against the business needs and risk appetite.
Know your information and physical assets. Track their use.
Structure your network into segments to incorporate manageable security zones
Know your transaction flows. Identify who and what should be on the network.
Architect your network to tag information assets validate them throughout the network.
Jill Broom
Head of Cyber Resilience, techUK
Jill Broom
Head of Cyber Resilience, techUK
Jill leads the techUK Cyber Resilience programme, having originally joined techUK in October 2020 as a Programme Manager for the Cyber and Central Government programmes. She is responsible for managing techUK's work across the cyber security ecosystem, bringing industry together with key stakeholders across the public and private sectors. Jill also provides the industry secretariat for the Cyber Growth Partnership, the industry and government conduit for supporting the growth of the sector. A key focus of her work is to strengthen the public–private partnership across cyber to support further development of UK cyber security and resilience policy.
Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.
Olivia Staples joined techUK in May 2025 as a Junior Programme Manager in the Cyber Resilience team.
She supports the programs mission to promote cyber resilience by engaging key commercial and government stakeholders to shape the cyber resilience policy towards increased security and industry growth. Olivia assists in member engagement, event facilitation and communications support.
Before joining techUK, Olivia gained experience in research, advocacy, and strategic communications across several international organisations. At the Munich Security Conference, she supported stakeholder engagement and contributed to strategic communications. She also worked closely with local and national government stakeholders in Spain and Italy, where she was involved in policy monitoring and advocacy for both public and private sector clients.
Olivia holds an MSc in Political Science (Comparative Politics and Conflict Studies) from the London School of Economics (LSE) and a BA in Spanish and Latin American Studies from University College London (UCL).
Outside of tech, Olivia enjoys volunteering with local charities and learning Norwegian.
Annie is the Programme Manager for Cyber Resilience at techUK. She first joined as the Programme Manager for Cyber Security and Central Government in September 2023.
In her role, Annie supports the Cyber Security SME Forum, engaging regularly with key government and industry stakeholders to advance the growth and development of SMEs in the cyber sector. Annie also coordinates events, engages with policy makers and represents techUK at a number of cyber security events.
Before joining techUK, Annie was an Account Manager at a specialist healthcare agency, where she provided public affairs support to a wide range of medical technology clients. She also gained experience as an intern in both an MP’s constituency office and with the Association of Independent Professionals and the Self-Employed. Annie holds a degree in International Relations from Nottingham Trent University.
Programme Marketing Assistant for Public Sector Markets, techUK
Tracy Modha
Programme Marketing Assistant for Public Sector Markets, techUK
Tracy supports the marketing of several areas at techUK, including Cyber Exchange, Central Government, Cyber Resilience, Defence, Education, Health and Social Care, Justice and Emergency Services, Local Public Services, Nations and Regions and National Security.
Tracy joined techUK in March 2022, having worked in the education sector for 19 years, covering administration, research project support, IT support and event/training support. My most outstanding achievement has been running three very successful international conferences and over 300 training courses booked all over the globe!
Tracy has a great interest in tech. Gaming and computing have been a big part of her life, and now electric cars are an exciting look at the future. She has warmed to Alexa, even though it can sometimes be sassy!
Programme Team Assistant for Public Sector Markets, techUK
Francesca Richiusa
Programme Team Assistant for Public Sector Markets, techUK
Fran serves as the Programme Team Assistant within techUK’s Public Sector Market Programmes, where she is responsible for delivering comprehensive team support, managing administrative functions, and fostering strong relationships with members.
Prior to joining techUK in May 2025, Fran built a meaningful career in the charitable and local government sectors. She worked extensively with both victims and perpetrators of crime, and notably led the coordination of Domestic Homicide Reviews across Surrey—an initiative aimed at identifying lessons and preventing future incidents of domestic abuse.
Outside of work, Fran is an avid traveller and a proud cat mum who enjoys unwinding with her feline companions.