Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Access the smarter, faster technology needed to make the most of your hybrid working future.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » Zero Trust in Practice – Adopting and Sustaining it in Your Real-World Environment
Constant vigilance and suspicion are necessary in today’s world of sophisticated cybercrime and digital security threats. It’s not surprising that zero trust is a popular concept. It means that organisations should not trust anything inside or outside their digital perimeter. Anything (or anyone) trying to connect or gain access is treated as a new connection that needs to be verified itself before authority is granted. That goes for people, devices and applications.
Zero trust is a heavily used buzzword, inspiring confidence when it’s used by cyber security and technology experts to imply a completely secure technology environment. The reality is that almost no-one in the security industry can deliver true zero trust without shutting down every connection and paralysing digital infrastructure. End-to-end zero trust is an academic concept – it’s not workable for the vast majority of contemporary organisations.
Zero trust has also given rise to another less positive catchphrase – ‘zero trust-washing’. Just like greenwashing in environmental circles, zero trust-washing is hype without action. Empty talk about zero trust can create a perception of robust security, when the reality is very different.
So how can you use zero trust in a practical way in a real-world environment? The trick is to apply the relevant aspects of this rigorous security approach in a pragmatic way that meets your specific requirements.
The challenge for smart CISOs and technology leaders is to deliver the key benefits of zero trust in a highly secure cloud infrastructure without excessive expense, complexity or purism. That means making sure it supports effective business operations rather than constraining them.
When you adopt the best elements of a zero trust approach, you need to make sure that employees can still access the systems, tools and data they need without disruption to their productivity. With hybrid and remote working commonplace and many applications residing in the cloud, there’s a lot of digital traffic from inside and outside your organisation – you need to supervise it closely. But it’s an own goal if your zero trust approach makes it harder for workers to do their job offsite.
The term zero trust was coined in 1994 in an academic paper at Stirling University. The author argued that trust can be defined mathematically – it’s a purist approach with its roots in academic theory. It wasn’t until 2018 that American cyber security researchers recommended zero trust architecture as fundamental to organisations’ cyber security planning.
Since then, the approach has been embraced by digital security specialists and CIOs in the US, UK and worldwide – but inevitably, there are differences in understanding and execution. Despite the neat name, there’s no off-the-shelf security product that can simply and completely switch on ‘zero trust’.
Putting aspects of zero trust into effective practice in your organisation is a strategic activity: it requires careful assessment of your existing data and technology estate and a definition of policies and principles to be applied when you acquire new digital solutions or make changes to your infrastructure.
In reality, zero trust almost never provides an absolute guarantee of security. That reassuring ‘zero’ we mentioned earlier, implying that nothing can penetrate your digital fortress, is unhelpful in this respect. The aspects of a zero trust approach that you can apply pragmatically will greatly reduce your vulnerability to security breaches and you’ll be better protected against malware, but it’s not inviolable. And its important to know this, to avoid complacency. As in every area of cyber security, criminals are developing sophisticated hacking techniques all the time, so monitoring and responding to the latest threats is as important as ever. Zero trust in the real world does not eliminate all security risks – phishing and exposure of sensitive data can still take place, for example.
Microsoft’s need to protect its global reputation and billions of users makes it a leader in zero trust security. Its approach is one of using zero trust principles to empower employees, rather than to constrain them. That includes allowing workers to use their own devices to access systems, with robust security checks that are quick and easy for users to fulfil. Microsoft recommends single sign-on, multi-factor authentication, password-less authentication and eliminating VPN clients. At Six Degrees, we support this approach.
There’s no one-size-fits-all solution when it comes to zero trust approaches. Every organisation needs to address all its applications and infrastructure, including legacy systems. But there are some key areas of focus when defining and implementing your security strategy that includes the best elements of zero trust:
Zero trust principles form an important part of a strong strategic approach, but in the real world, successful cyber defence depends on rigorous, expert and thorough planning and execution, along with ongoing review and continuous improvement in a constantly evolving cyber security landscape. Working with a specialist cyber security partner to implement and manage practical zero trust protocols gives you access to deep and current knowledge and experience of the approach which can be difficult to sustain amongst your own team. It’s an area where focused, specialist support from a third party really can deliver value and insight that may be resource-intensive and difficult to establish internally.
If you’d like support or advice on adopting, assessing or improving zero trust protocols in your organisation, talk to the expert team at Six Degrees.
Chris Cooper is Cyber Security Practice Director at Six Degrees. At Six Degrees, we’ve been helping organisations confront cyber security challenges for over 15 years. While cyber threats are always developing, our experience and industry presence are testament to our ability to stay ahead of emerging threats.
Let’s Get Real with Cloud Transformation What does…
Our Cyber Security Practice Director Chris Cooper talks…
Multi-channel communications provider Adare SEC renews its partnership…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
