In today’s digital world, shaped as much by cybercrime, AI and disinformation as by anything else, “Zero Trust, always verify” is no longer just an option but a necessity if an organization is to emerge as a winner rather than a loser from the increasingly dynamic cybersecurity evolution and AI revolution of the coming years.
Zero trust and elimination of the “old braid” of implicit trust as an essential part of cybersecurity & AI readiness
In today’s digital world, comprehensive cybersecurity is no longer just an option, but a business-critical necessity. A central principle of Zero Trust is the complete elimination of implicit trust. In addition to technical measures, such “old habits” and paradigms can only be eliminated by comprehensively training and adapting the mindset of the users concerned. The Zero Trust strategy ensures that no user, device, software, app, access, authorization, system or even information and media content in general is automatically trusted, regardless of whether they are inside or outside the trusted technical or social network – even if this was previously the case. This strategy is based on the principle of “never trust, always verify” and requires continuous checking, monitoring and validation of all relevant access, authorizations, statuses and activities.
More philosophy than technology
Zero Trust is not just a technological solution, but a comprehensive security philosophy. It requires a combination of technology, processes and people to be effective. Implementing Zero Trust means that, in addition to the many technical adjustments, companies must also fundamentally change their security culture and ensure that all employees understand the importance of security and act accordingly.
Technical and organizational measures (TOM), MFA, CA, PAM, PIM, XDR
Technical and organizational measures (TOM) are crucial for the implementation of Zero Trust Architectures (ZTA). These include multi-factor authentication (MFA), conditional access, management of all endpoints and devices using endpoint / extended detection & response solutions (EDR, XDR), privileged access and identity management (PAM, PIM), encryption, specifically enforced security policies (policy enforcement), network and resource segmentation, secure remote access and continuous monitoring. These measures help to minimize the attack surface and ensure that only securely authorized users and devices have access to sensitive data and systems and, where appropriate, only for a limited period of time. Additional organizational measures, such as cybersecurity awareness and specific education on working methods based on “zero trust” principles, serve to train internal, critically thinking and appropriately acting “comrades-in-arms against cybercrime”.

Continuous verification in the dynamic threat situation
Zero Trust also requires continuous verification and monitoring of all access, authorizations and activities. This means that users and devices must be regularly checked and validated to ensure that they are still authorized. This continuous verification helps to detect and prevent potential threats at an early stage as part of extended monitoring.
4 principles – explicit verification, least possible authorization, awareness of Zero Trust and acceptance of an active breach
The four principles of Zero Trust are explicit verification, least privilege (the “need to know” principle), critical awareness of Zero Trust and its organizational and technical implications, and acceptance of an active breach. Explicit verification ensures that every access is checked and validated each time and is no longer granted without limits on time or location. Least privilege ensures that users have only the minimum access rights they need. The “zero trust” awareness that must be trained means that all employees understand the importance of security supported by “zero trust” and act accordingly in this adapted way of working.
The concept of “Assume Breach” means that companies consciously assume that their systems have already been compromised. This leads to a different and more proactive security strategy, adapted to the dynamic threat situation, in which existing or potential threats are continuously searched for and measures are taken to better detect and prevent them.
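As an added illustration of the principles described above (explicit verification, continuous re-verification, least privilege with time-bound grants, and default deny as the practical consequence of “assume breach”), the following policy evaluator is example code written for this page; it is not the author’s code or any product’s implementation. The data classes, the 15-minute re-verification interval and all sample users, devices and grants are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumption: a verified session or device posture check is trusted for at most
# this long before it must be re-verified (continuous verification).
REVERIFY_INTERVAL = timedelta(minutes=15)


@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    managed: bool           # enrolled in device management
    edr_healthy: bool       # EDR/XDR agent present and reporting
    disk_encrypted: bool
    last_checked: datetime  # when the posture was last attested


@dataclass(frozen=True)
class Session:
    subject: str
    mfa_verified: bool
    device: DevicePosture
    issued_at: datetime


@dataclass(frozen=True)
class Grant:
    subject: str
    resource: str
    actions: frozenset      # minimal set of permitted actions (least privilege)
    expires_at: datetime    # every grant is time-bound


def device_compliant(posture: DevicePosture) -> bool:
    return posture.managed and posture.edr_healthy and posture.disk_encrypted


def evaluate(session, grants, resource, action, now):
    """Return (allowed, reason). Nothing is trusted implicitly: identity, device,
    freshness and the specific grant are all checked on every request."""
    if not session.mfa_verified:
        return False, "explicit verification failed: MFA not satisfied"
    if not device_compliant(session.device):
        return False, "explicit verification failed: device posture non-compliant"
    if now - session.device.last_checked > REVERIFY_INTERVAL:
        return False, "continuous verification: device posture stale, re-attestation required"
    if now - session.issued_at > REVERIFY_INTERVAL:
        return False, "continuous verification: session too old, re-authentication required"
    for g in grants:
        if g.subject != session.subject or g.resource != resource:
            continue
        if now >= g.expires_at:
            continue  # an expired grant confers nothing
        if action in g.actions:
            return True, f"allowed by time-bound grant valid until {g.expires_at.isoformat()}"
    return False, "least privilege: no matching active grant (default deny)"


# Constructed evaluation time so the demo is deterministic.
NOW = datetime(2024, 12, 1, 9, 0, tzinfo=timezone.utc)


def run_demo():
    """Evaluate constructed sample requests; returns {case: (allowed, reason)}."""
    compliant = DevicePosture("laptop-01", True, True, True, NOW - timedelta(minutes=5))
    stale = DevicePosture("laptop-02", True, True, True, NOW - timedelta(hours=3))
    unmanaged = DevicePosture("byod-01", False, False, False, NOW)
    grants = [
        Grant("alice", "hr-db", frozenset({"read"}), NOW + timedelta(hours=4)),
        Grant("alice", "finance-share", frozenset({"read", "write"}), NOW - timedelta(days=1)),
    ]
    alice = Session("alice", True, compliant, NOW - timedelta(minutes=2))
    alice_old_session = Session("alice", True, compliant, NOW - timedelta(minutes=20))
    alice_stale_device = Session("alice", True, stale, NOW - timedelta(minutes=2))
    alice_byod = Session("alice", True, unmanaged, NOW)
    alice_no_mfa = Session("alice", False, compliant, NOW)
    cases = {
        "read_hr_ok": (alice, "hr-db", "read"),
        "write_hr_denied": (alice, "hr-db", "write"),
        "expired_grant_denied": (alice, "finance-share", "read"),
        "old_session_denied": (alice_old_session, "hr-db", "read"),
        "stale_posture_denied": (alice_stale_device, "hr-db", "read"),
        "unmanaged_device_denied": (alice_byod, "hr-db", "read"),
        "no_mfa_denied": (alice_no_mfa, "hr-db", "read"),
    }
    return {name: evaluate(s, grants, r, a, NOW) for name, (s, r, a) in cases.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in run_demo().items():
        print(f"{name:24} {'ALLOW' if allowed else 'DENY':5} {reason}")
```

The point of the example is the order of the checks: identity and device are verified explicitly on every call, both verifications age out and must be repeated, and even a fully verified session gets only the actions of a matching, unexpired grant, with everything else falling through to a deny.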
Ongoing inventory, also against “Shadow IT”
An ongoing inventory of hardware, software, cloud services, apps, users, key users, personal data, contract data processors and authorizations is crucial for the implementation of Zero Trust. Such an inventory, with its many collected and relevant details, helps to minimize the attack surface and ensure that only authorized users and devices have access to sensitive data and systems, especially when systems are changed or adjusted. The inventory can be combined with, and optimized through, a data protection impact assessment and the register of contract data processing, right through to business continuity management and incident response management, as part of ICT risk and compliance management and, in particular, continuous reporting.
The comprehensive documentation of the relevant “homework tasks in IT” and their control also creates a tool for ongoing optimization and for regaining control (“take back control”) over risky elements and even the “old relics” and “old braids” (outdated practices) of shadow IT.
Combined approach of different elements / categories in the sense of “best of breed”
Zero Trust requires a combined approach of different elements and categories in the sense of “best of breed”. This means that companies combine the best available technologies and solutions in order to develop a security strategy that is as comprehensive and broad-based as possible. This combined approach helps to minimize the attack surface against cybercrime and ensure that only authorized users and devices are offered access and only have effective access to sensitive data and systems.
Zero Trust is an ongoing transformation process with possible small steps for improvement
Zero Trust is an ongoing transformation process that requires continuous improvement. Organizations need to regularly review and adapt their security strategies and measures to ensure they meet the ever-changing threats and challenges. Small steps towards improvement can make a big difference and help to continuously improve the security posture.
Cybersecurity and AI awareness among employees
Critical thinking and asking context-based questions
“Critical thinking” and asking context-based questions are essential to ensure security in a zero trust environment and equally in a universe of AI and AI deepfakes. Employees should be encouraged and empowered to think critically and ask context-based questions in order to identify and reduce potential security vulnerabilities as well as false system outputs, outcomes, content and information. This helps to reduce dangerous, uncritical belief in what a system presents, especially in the context-based use of prompting with AI tools (“context-based AI prompting”) and their results and actions, and to increase overall security in the “AI pervasive” information universe.
A transparent information policy and new learning culture is important in order to sensitize and empower employees and raise their personal “digital sovereignty and maturity” to a higher level.
AI readiness also in favor of security measures
The integration of artificial intelligence (AI) / AI readiness into the overall ICT strategy is another important aspect for “Zero Trust”. Companies should ensure that they are ready to use AI technologies to improve their efficiency, automation and also their security measures. This includes training employees in the critical and context-correct use of AI (“context-based AI prompting”) and the implementation of AI-based security solutions.
AI deepfake and disinformation
AI deepfake technologies and disinformation in general pose an increasing threat to the security of organizations and people. Companies need to be aware of this threat (for example, specifically AI-supported social engineering and phishing campaigns) and take measures to protect themselves against it. This includes implementing technologies and processes to detect and prevent deepfakes, disinformation, social engineering and phishing attacks, as well as raising employee awareness of this threat, specifically against dangerous, uncritical trust in what a system presents.
Fridel Rickenbacher is a former co-founder, co-CEO, partner, member of the Board of Directors and now a participating “entrepreneur in the company” / “senior consultant” at Swiss IT Security AG / Swiss IT Security Group. At federal level, he is represented as an expert and actor in “Digital Dialog Switzerland” + “National Strategy for the Protection of Switzerland against Cyber Risks NCS”. In his mission “sh@re to evolve”, he has been active for years as an editorial member, expert group and association activist at e.g. SwissICT, swissinformatics.org, isss.ch, isaca.ch, bauen-digital.ch in the fields of digitalization, engineering, clouds, ICT architecture, security, privacy, data protection, audit, compliance, controlling, information ethics, in corresponding legislative consultations and also in education and training (CAS, federal diploma).
This article was first published in Schwyzer Gewerbe magazine in December 2024 and is reproduced here with the author’s permission.
Photo: AI generated.