Zero Trust Security is being put forward as a paradigm shift in cyber security and the future of data protection. So, what is it, and is it relevant to the SME market?

To answer the first part of that question, it is a framework for securing infrastructure to secure it against the attacks posed by modern cyber criminals’ hell bent on relieving businesses of their hard earned cash.  It uniquely addresses modern challenges such as securing remote workers, hybrid cloud environments, phishing, and ransomware attacks.

So, a primary driver for the development of Zero Trust platforms was the COVID pandemic and its aftermath, simply because the real paradigm shift was in working practices driven by the lockdowns initially, but subsequently embraced by many as a much cheaper working environment (smaller workplace = smaller costs), which many are finding hasn’t impacted their productivity.  However, it comes at a cost unseen by many in that their security was very much compromised.

As a result of this many firms have had to implement changes in their infrastructure in an attempt to shore up the somewhat reactive stance, they had to take to keep their businesses running during the lockdowns.  If this was only just changing out desk top machines for laptops and moving to much more reliance on cloud services, it has meant a sea change in their working practices.  Many more SMEs are looking for Software as a Service (SAAS) to avoid expensive infrastructure either on premise or on cloud, and others are looking towards managed services, something they simply wouldn’t have entertained before COVID.

All of this has produced a significant rise in malware threats at all levels and sizes of business.  Ransomware has become a very real threat to SMEs and it is simply a fact that many pay up simply because the criminals ask for a modest amount but then of course, they have almost always done unseen damage, such as putting in a back door to your system because they will come back to the well and second and third time, and they have almost certainly already stolen any data that might have a value.   How much better to stop them before their malware takes effect.

Let’s just go back to what is Zerto Trust and review the statement above that it is a framework for securing infrastructure.  OK great, but what does such a framework look like.

First off Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction.  So that means that you have to have a security strategy, something most SMEs don’t have and don’t really know how to approach it.

Arguably (I say arguably because if you put a bunch of security consultants in a room and ask a question, the result will be a row if not a punch up), there are 3 main pillars of a zero trust strategy:

• Trusted identities. Protect user access and keep control of device identities to secure the digital journey.
• Endpoint protection.
• Network security

So, what I’m saying here is that it isn’t just one thing, one product, one system, but a combination of several factors that together, provide defence in depth and in that, whilst technology changes, the strategy hasn’t.

This is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

The problem for SMEs as always, is that they don’t have the expertise or the budgets to go down what they think of as a complex and expensive road.  Here at H2 we’ve taken that on board, and we have researched the market extensively and believe we have come up with some risk managed, zero trust solutions which are appropriate to SMEs and very affordable.