Andrew Voges

---

Cyber security has become one of the key priorities for businesses due to the ever-increasing number of malicious attacks across all sectors and industries around the world.

Major cyber-related incidents that have affected many global and national companies, with some, including the 2021 Colonial Pipeline attack, proving once again that no organisation is immune to cyber security threats.

Recent years have seen zero trust emerge as a must-have for business resiliency – a tried and true model for executing resilient and selective security at scale.

Zero trust has proved so popular, in fact, that Microsoft found that 96% of security decision-makers stated that zero trust is essential to their organisation’s success.

However, a successful cyber security strategy still bears very similar challenges to what it faced a year ago: ever evolving organisations, malicious actors and threat vectors. As these threats will never stop advancing, it is critical to adopt a new dynamic approach to cyber security from narrowly scoped and static to a new dynamic and comprehensive.

Having said that, let me introduce you to the concept of adaptive zero trust.

What is adaptive zero trust and how to adopt it?

Essentially, adaptive zero trust brings an evolutionary mindset to the zero-trust model – enabling organisations to grow and adapt to external and internal factors, such as changes in the company’s enterprise applications or changes to the risk landscape.

Adaptive zero trust’s greatest asset is its staying power. While static models quickly grow outdated, evolutionary models such as adaptive zero trust are, by their nature, constantly working to remain up to date.

That said, understanding where you need to be and knowing how to get there are two different problems. To make the shift to an adaptive zero trust model, there are a few things you need to look out for.

• Complete visibility: Complete visibility involves drawing a circle big enough to capture not just people, but any identity (human and machine) within the organisation. It also includes the ever-expanding accounts that come with multigenerational, hybrid and edge IT landscapes that must be factored into the equation.
• Total verification: A second key element of adaptive zero trust is to verify everything before granting access to your most important and sensitive assets. Increased visibility and insight allow security professionals to quickly and efficiently add, remove and adjust privilege before any damage is done. This means they can restrict user access to only what’s needed when they need it.
• Intelligent controls: New threats and policies are constantly emerging and changing. Adaptive zero trust models should leverage contextual awareness and behavioural analytics, allowing organisations to anticipate, detect and take corrective actions. For example, with the work-from-home arrangement, professionals need to be constantly aware of suspicious logins or activities (such as an employee logging in from two different locations at the same time) to successfully prevent a potential threat to the organisation.
• Comprehensive approach: Just as the threat landscape evolves, so too does an organisation’s need to protect itself – as well as the people, applications and data that are the lifeblood of the enterprise. Such evolution often requires adding in new functionality as needed, while minimising business disruption as much as possible. With the need to adapt and expose new functionality, many organisations are turning to converged platforms for identity security. This allows them to address access management obligations immediately, while leveraging additional capabilities over time.

As cyber breaches have become more frequent and are expected to be on the continuous rise, companies are wondering how to suitably prepare for those attacks. Almost without exception, the best course of action for an organisation starts with recognising that the traditional perimeter is no longer wide enough.

If we view breaches as an inevitability, it will be essential to adapt to more advanced cyber security strategies like zero trust. Adaptive technology can significantly enhance an organisation’s chances of success, but this can only be realised if the fundamental characteristics of zero trust models are prioritised.