Vandana Verma

Security Leader

Zero Trust:Trust no one, Verify everyone

Cloud Migration is the next big thing. Everyone wants to be in the cloud, but what about security and compliance standards? How do organizations manage both safety and security in the “Cloud Era”? Cloud deployments render the concept that everyone inside of a corporate network should be trusted null and void. Essentially, when it comes to the cloud, everyone is a tenant on a big server farm full of tenants. Thus, the only way forward is the Zero-Trust Model.


Conventional security models assume “good” users are inside the firewall and “bad” users are outside. This is also known as the “Castle and Moat Model,” where the moat serves as the preliminary line of defence. Conventional approaches to security like this are ineffective in today’s world of hybrid multi-cloud and mobile workforces.

Enter Zero Trust: the model predicated on the idea that companies cannot, by default, trust internal users just like it cannot trust all external users. The concept of Zero Trust has been spreading across the industry for years. While Forrester coined the term “zero trust” in 2010, there were major players like Google, Gartner and IBM who created their own models and PoVs.

The new Zero Trust Model emphasizes gaining visibility across all traffic – user, device, location and application – through:

Zero trust does not operate inside or outside an invisible security perimeter. It is a philosophy that lives in the interplay between users, devices, and application workloads. Multi-factor authentication (MFA) reduces the attack surface across organisations.Logging and monitoring are important events across all organizations regardless of industry. In part, this is because they indicate the time frame and origin of a cyber attack. The sooner these elements are determined, the sooner action can be taken.

Zero Trust is also a great fit for organizations as they journey to the cloud. Because public clouds are insecure, resiliency must be at the forefront of consideration as their environments are built. People are neglecting to VPN in favour of connecting directly to the cloud. Because of this, everything needs to be encrypted to maintain a secure environment. This approach contradicts the conventional castle and moat models. But 100% encrypted communication is the way to go in the cloud environment. The cloud environment is made secure, in part, by encrypting data at rest, in motion and at the edge.

IBM has the broadest range of security technologies and services that can help clients on their journey to understanding and implementing Zero Trust:

Identity is now an essential aspect of every organization worldwide and therefore, trust is no longer just a theoretical security concept.