Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

Foreword

Greetings, and welcome to the seventh edition of Atos Digital Security Magazine, our forum for views on digital security and trends from Atos and partner experts!

The concept of zero trust was somewhat ambiguous before the Biden administration declared it a strategy in January’s White House Memorandum on Federal Zero Trust Strategy (M-22-09). As a result, US policy now recognizes and endorses zero trust as a foundational tenet of cybersecurity. However, zero trust is still defined primarily by what it is not. It’s not a product, not an appliance, not software, etc.

Through our experience, we know that zero trust is an orchestration of processes and technology for protection in zones where the data owner grants no access or privileges (i.e. “trust”) to any user in the environment where the data exists. However, even that definition is not specific enough to provide meaningful context and guidelines for realizing the full benefits of zero trust.

Trust is never granted implicitly and must be continually evaluated.

Dan Schaupner
Head of Digital Security Consulting, North America

Allen Moffett
Global IAM Practice Lead & CTO

In a zero trust world, there is no perimeter or secure zone. The focus is on the premise that “trust is never granted implicitly and must be continually evaluated.” The actor must be authenticated, authorized and continuously validated before being granted access to applications and data.

Authentication and authorization are no longer discrete events. It is no longer acceptable to trust that the actor you just authenticated is still the one performing the current action. It very well could be a clever impersonator. The actor may be a human (such as an employee or customer), but increasingly, these actors are something else, like a device or a robotic process. These diverse use cases can be complex to properly address end-to-end in a way that provides sufficient controls while adding little or no friction to the action.

When a security control adds too much friction, the actor finds a way to bypass the control or makes a business case for an exception. In the case of a consumer, they will likely go to a competitor that offers a better experience. If the consumer is lucky, the solution is not to weaken the controls over business or customer data. So, how do you validate every step along the way, especially if some of those steps are outsourced and require you to trust a third party?

Finding the right balance between a purist view of zero trust and the costs to implement it must be evaluated in terms of risk — since zero trust solutions can get very expensive very quickly.

In this edition of Atos Digital Security Magazine, our experts will try to resolve the tension between zero trust as an established approach and the varying ways that the cybersecurity industry describes it. The Atos position is that zero trust is necessary for ensuring service delivery, economic stability and individual privacy, as well as compliance and risk management. If you’re not convinced, consider that logistics executives are identifying trust and data sharing as a critical problem in the global supply chain issues we are currently facing. Maybe it’s not too much to say that zero trust can help us solve a significant global economic issue.

June 2022

Be the first to know the latest insights from the market.

The cybersecurity community is growing and is nurtured by the deep knowledge provided by the experts.
Register to our newsletter to be informed first of the release of next editions of Atos Digital Security Magazine.

It is each quarter, free and you can read it anywhere.

Thank you for your interest. You can download the report here.
A member of our team will be in touch with you shortly