Technology Record - Issue 28: Spring 2023

techniques the moment an incident is detected, which helps to prevent lateral movement and attacker persistence, and limits the overall ‘blast’ radius of a successful attack.

Identity lies at the centre of any great zero-trust strategy. It is crucial that firms establish trusted identities across their users, devices, applications and workloads to implement a secure first line of defence against cyberattacks. Strong phishing-resistant multi-factor authentication with high assurance passwordless capabilities is a strong requirement for a mature foundation within user identity.

However, zero trust goes beyond the foundational identity layer of cybersecurity by requiring strong end-to-end encryption when accessing data, which adds an extra level of protection. Enforcing strong encryption with robust cryptographic key management on post-quantum-ready platforms helps to protect sensitive data. It also helps to tackle the ‘harvest now, decrypt later’ threat, where bad actors are collecting long-life and sensitive data today, such as human resources or healthcare records, to decrypt once a quantum computer becomes available to them.

In addition, security solutions that address the zero-trust framework need to account for a cross-cloud approach to secure multicloud and hybrid environments. Combining cryptographic key protection of virtual machines, containers and secrets with public key infrastructure and compliance management allows organisations to secure access to data across their computing ecosystem. This allows them to fulfil regulatory requirements in a seamless manner.

Ultimately, zero trust is a journey requiring interlocking approaches, solutions and processes. Integration of vendor solutions with the necessary governance enables organisations to implement a zero-trust strategy that effectively addresses data and network security risks.
Rohan Ramesh is product marketing director at Entrust

[Photo caption: A strong zero-trust strategy makes use of multi-factor authentication and high assurance passwordless capabilities. Photo: iStock/treety]