A blue color image of a person trying to log into a protected laptop.

(Image credit: Shutterstock/JARIRIYAWAT)

The trust model of cybersecurity is no longer fit for purpose as the IT environments continue to become more complex.

The author.

David Gochenaur is a Senior Director of Cyber Security at Ensono.

Only a small group of employees can use the trust model to access an IT environment that is only on-site. As the hybrid way of working becomes the norm, it is riskier to trust the variety of end points that are open in new tab to manually adhere to all preventative procedures. Businesses that were affected by a data breach lost an average of $4.24 million, according to IBM. A critical data breach is just one click away if the correct procedures aren’t in place.

Zero Trust architecture is being used by many organizations around the globe in the face of these challenges. In May of 2021, the President of the United States, Joe Biden, issued a mandate that all federal agencies, such as the FBI, must align with Zero Trust architecture.

What exactly is Zero Trust?

Zero Trust is a cybersecurity model that uses constant identification and verification across device, identity, and user before any access to data is provided. If a bad actor has gained access to an IT environment, this is done to make sure that sensitive data remains unexploited. Trust is no longer included in the cybersecurity risk equation because it is nullified as a vulnerability.


The Zero Trust model relies on cultural and behavioral elements as much as it does on technological changes. Human error is the greatest risk to cyber safety. The risk from human workers needs to be mitigated by a large cultural buy-in within the business.

Employees accessing data and work systems from home have led to bad actors taking advantage of the many vulnerabilities. Since the beginning of mass remote working (opens in new tab), there has been a huge increase in cyber crime. It is considered the most common crime in the United Kingdom. The UK’s National Cyber Security Council dealt with a record number of cyber incidents during the year.

It has become difficult for businesses to put together a strategy for cybersecurity. Companies use different hosting services to ensure they can keep up with the demands of the working world. The process of delivering a uniform security strategy can be hampered by security protocols that vary between providers.

The Zero Trust framework

Zero Trust can be used in all IT architectures. It is cost-effective and does not see network perimeters. Zero Trust creates a cyber defense framework that is perfect for remote or hybrid working as all end points, local infrastructure, and cloud services are in one model.

When a user wants to access data or an application held on a company network, Zero Trust tells them that they need to have a password. The risk presented by the user attempting to access the applications is assessed by this policy. The UK’s NCSC has a plan to follow when putting this into action. The principle of “the network is hostile” and only grant access based on aholistic set of factors is explained. The factors include user location, device health, identity, and the user’s status within the organization.

Businesses need to monitor user access in real-time to keep up with constant verification. The process can take a long time for an organization. There is a lot of innovation going on to address these challenges. Many of the market-leading solutions use automation to simplify this process, freeing up IT teams to focus on more value-added activity.

Key features of Zero Trust reduce business vulnerability to cyberattacks. We should not forget that the attack started with a single compromised piece of data. Zero Trust puts more barriers in the way of a bad actor by giving IT teams a longer period of time to flag and shut down access for a hacker before the bad actor gets access to sensitive system across the business. The message is that damage limitation and containment stop the exploitation of a small vulnerability from becoming a bigger problem.

Why Zero Trust needs people

As much as a technological shift is needed for Zero Trust to work. Human error is the largest risk faced by a business and its cybersecurity. If we want to address this problem, we need to change our behavior.

Employees need to be willing to work with the model. The Zero Trust model could be rendered useless and a huge data breach could occur if only one employee messes with an authentication feature.

Communication and training are required for Zero Trust to be effective. The importance of these processes within a business is something that individuals already engage in. The long-term success of Zero Trust is dependent on regular education and messaging from the IT function.

Zero Trust shouldn’t be a hardship for employees, but a call to action for everyone to play their part in the cybersecurity of the business. Employees play a huge role in preventing cyberattacks, and their active engagement is critical at fighting back against bad actors. Zero trust is about empowering employees.

The best identity management software is here.