For a long time, providers of cybersecurity solutions have scratched their heads over a lasting cure for data and system breaches.
Hackers have meanwhile become more and more sophisticated to avoid getting caught.
Official data shows that external hackers can breach around 93 percent of company networks while 44 percent of executives think their security isn’t keeping up with the fast-paced digital transformation being witnessed globally.
In Kenya, an increasingly digitised economy buoyed by deep penetration of electronic devices has made the country highly prone to online fraud, with banks losing hundreds of millions annually.
During the year ending June 2022, the country recorded over 200 million cases of malware attacks which accounted for the majority of cyber hacks, with the most prevalent being Ransomware.
Organisations have had to juggle risk and growth, and this reality has given rise to a new cybersecurity framework dubbed Zero Trust which is increasingly gaining ground and momentum.
The new model, initially developed in 2010 by cybersecurity expert John Kindervag of Forrester Research in North America, employs the assumption that any connection, endpoint or user, is a threat and that the network needs to harbour sufficient resilience against all threats, be they external or internal.
Anthony Muiyuro, the associate director of cybersecurity and privacy at KPMG East Africa, says that the model requires all users, whether in or outside the organisation’s network, to be authenticated, authorised and continuously validated for security configuration and posture before being granted access to data.
“Zero Trust is a strategic approach to cybersecurity that secures an organisation by eliminating implicit trust and continuously validating every stage of a digital interaction. Rooted in the principle of ‘never trust, always verify’, Zero Trust is designed to protect modern environments and enable digital transformation by using strong authentication methods,” says Muiyuro.
A Statista global survey shows that around 72 percent of organisations have plans to adopt the framework while 42 percent have already started.
By 2026, the global Zero Trust market is projected to hit over $50 billion (Sh6.1 trillion), driven mainly by the frequency of targeted cyber attacks, information security standards as well as renewed efforts by governments to enact data protection regulations.
During the Covid-19 pandemic, the adoption of Zero Trust model witnessed monumental expansion levels as firms made a shift from the traditional reliance on virtual place networks (VPNs).
One of the biggest credit points of Zero Trust, according to Dimension Data East Africa technical solutions architect Lloyd Oandah, is that the model is not easy to cheat as it eliminates nearly all possible breach gaps and can also be customised to fit within the parameters and needs of an organisation.
“Zero Trust is a strategic approach to security that focuses on eliminating the concepts of implicit trust, consistently validating every individual and every point of access and at every point of digital interaction,” says Oandah.
“Its value is inherently in its ability to support organisations undergoing digital transformation initiatives and investments by mitigating risk and enhancing their cybersecurity posture,” he adds.
Experts say that the model allows for businesses to constantly ensure and establish trust for every entity accessing its assets regardless of location or time.
By adopting a mechanism of constant verification and trust in real-time, a business is reassured that anyone interacting with its data has been checked and approved.
In an opinion article published on resource centre read-write, technology writer Gilad Maayan says that the Zero Trust framework auto generates protection mechanisms once it detects threats and thus is the perfect fit solution for arresting breach attempts before they go through.
“Unlike traditional security paradigms that defend the inside of a network against external threats, the Zero Trust security model protects against both internal and external threats. By assuming what’s inside the network is untrustworthy, the model can apply protections that prevent cyber criminals from exploiting endpoints to breach the network,” writes Maayan.
Muiyuro notes that the biggest challenge to the adoption Zero Trust model is the complexity in implementation.
“The fact that every user, device, and application must be authenticated and authorized adds an extra layer of complexity — particularly for organizations with a large number of users,” he says.
“The best way to overcome this challenge is to have a well-defined Zero Trust strategy and roadmap that will guide this implementation layer after layer.”
On the cost implication of shifting from existing solutions to Zero Trust, Muiyuro says the huge chunk of resources would be consumed during redesigning of security controls to fit into the envisioned organisational model.
He is, however, quick to note that the benefits of implementing Zero Trust will by far outweigh the implementation cost.