When we talk about cybersecurity, the first image that comes to mind for many may be that of the antivirus on the computer or the spam chains in the email. As the technology market has evolved and ICT solutions have become transversal and strategic, the necessary security has become one of the most important points for organizations and for users themselves.
The increase in digitization has meant convenience for users, but it has also represented a significant challenge for organizations. With a world where data becomes the new oilWhere private and public clouds become essential, and where remote and hybrid working models are also expected, location or perimeter is no longer a guarantee of protection. The big challenge is knowing exactly how to protect organizations' data and technology infrastructure without sacrificing convenience and benefits, and without relying on the perimeter.
In this context, the concept of Zero Trust – Zero Trust – has become enormously popular. Although this model has existed for several years, the pandemic accelerated the Digital Transformation of organizations and increased security risks and threats, which is why the strengths of the Zero Trust model stand out today more than ever.
To touch on this topic in depth, in Impacto TIC we organize a hangout with the support of BeyondTrust with referents not only from the cybersecurity industry, but also with leading IT spokespersons from the Colombian business sector who have found value in this model.
Versatility and agility
Perhaps one of the most striking elements of Zero Trust is that it clearly focuses on the versatility of existing systems. According to Fernando Fontao, BeyondTrust's Channel Account Manager, this model is not new, but has been constantly evolving over the years and as customer needs change. Today, says Fontao, the only reality is that we have reached the end of the traditional security perimeter that we knew. “The only perimeter is identity, and with identity come extremely important privileges,” he said.
At Zero Trust there is no single solution to all of a company's cybersecurity problems, rather it consists of creating a set of tools to achieve the best balance between security and the end user experience. "The challenge lies in the need to protect business environments that are now digital, modern, which increasingly include the incorporation of public and private clouds, SaaS applications and an infinity of technologies", explained Kelly quintero, Territory Sales Executive at BeyondTrust.
When talking about Zero Trust, an important clarity must be made: it is not about implementing a technological tool, nor does it work as a standard package that is implemented and deployed, nor does it allow the push of a button to answer all the cybersecurity needs of an organization. That is why we speak of the security model or the Zero Trust methodology.
For example, keeping its remote employees safe from external threats may be the most important thing for one company, while protecting its end customers is the most important thing for another.
This, as a consequence, means that Zero Trust models sometimes represent a major paradigm shift in how an organization's cybersecurity is managed. With changing, connected and hybrid environments, the security perimeter of yesteryear has disappeared, and even so have technologies such as VPNs (virtual private networks) and other private networks.
More than technology, a paradigm
Mario Botina Tovar, Vice President of Technological Infrastructure of Banco Davivienda, emphasized that Zero Trust cannot be understood simply as a 'box' that is installed and that's it, but rather it is an ecosystem that adapts to the needs and risks of each company. For Banco Davivienda, for example, this materialized in the need to simplify and unify processes.
VPNs, so popular amid the pandemic, turned out to be an inappropriate option for Davivienda, a company with 20.000 employees. Due to its security needs, the bank had hundreds of VPN rules, which affects not only the operation of the system, but also the productivity of its remote employees.
Thanks to the implementation of a secure remote access system, these rules are now dozens of simpler profiles and easier to manage. According to him, the basis of everything is in “Know where the data is, what is important, and how and why my employees access this information.”
Much of this transformation has also come from new business models. For Jorge Eduardo Pinzon, Director of Business and Information Risks at AFP Protection, the shift towards hybrid structures has also strongly highlighted a shift towards increasingly liquid and collaborative business structures.
In this type of structure, a cybersecurity strategy cannot be based only on the roles of each employee, but also on daily environments and needs.
“It is a constantly evolving set of paradigms. It is not something fixed, it is not something static.
Fernando Fontao, Channel Account Manager at BeyondTrust.
“The Zero Trust theme must be extended not only to employees at home, but also to third parties and manufacturers. We all have to enter the philosophy of being protected.”
Mario Botina Tovar, Vice President of Technological Infrastructure of Banco Davivienda.
“The philosophy is the same. Guarantee cybersecurity, improve agility within business and reduce costs”.
Jaime Barreto, IT security leader at Summa SCI.
"You don't start from scratch. What you have to do is adapt what has already been implemented to this new Zero Trust scheme”.
Jorge Eduardo Pinzón, Director of Business Risks and Protection Information.
The new liquid structures
Pinzón explains that, given the facilities offered by technologies such as the cloud and digitization, the roles within the same companies have also become more dynamic. The idea of models such as Zero Trust is to allow these collaborative environments to continue to be possible in hybrid environments, but without sacrificing the security of employee and company data. “We are no longer from a pyramidal function”, remarked.
To withdraw from your Jaime Barrett, IT security leader of Summa SCI, all this search for flexibility, dynamism and agility is born from the search of security providers to become technology enablers. Implementing cumbersome and complicated cybersecurity services is not an effective method to attract more companies to the new era of cybersecurity.
Like many other industries, cybersecurity has become an everyday necessity for users and businesses, and Barreto affirms that the important thing is to improve the language and communication of these new models to make the technologies of the future better understood.
Main Image: Lewis Kang'ethe Ngugi (Unsplash)