Zero Trust: Unravelling the enigma and charting the future

For nearly two decades, the concept of Zero Trust has perplexed and intrigued IT and cybersecurity professionals alike. It’s been labelled a vulnerability, a decision, a mindset, and even a paradigm shift. Its definition is as elusive as its application is broad, underpinning a diverse array of technologies. But what exactly is Zero Trust? What are its origins, and perhaps most critically, what does its future hold? Is it a fleeting trend or a harbinger of a lasting change in cybersecurity? Can it effectively safeguard burgeoning infrastructures like the Internet of Things?

These pressing questions are at the heart of discussions by the newly formed Zero Trust Special Interest Group (ZTSIG) founded by Cameron Bell of Condatis, an influential figure in the cyber and identity domains. The ZTSIG, a citizen-led initiative on LinkedIn, seeks to bridge the gap between cybersecurity SMEs, innovators, and end-users within Central Government, Critical National Infrastructure, and National Security sectors. This non-commercial platform fosters the exchange of innovative ideas and advancements in cybersecurity best practices.

The group lobbies throughout the year for the adoption of Zero Trust principles and convenes annually in London for an exclusive, full-day conference. Guided by an esteemed Industry Advisory Board, the ZTSIG boasts the expertise of UK’s cybersecurity luminaries, including Edmund Sutcliffe, a venerable Information Technologist and principle at Considrd Consulting ; Professor Bill Buchannan OBE, a prolific researcher from Edinburgh Napier University; and Sian John MBE, Chief Technology Officer at NCC Group. Additionally, the group garners support from techUK, the UK’s Technology Trade Association, advocating for technology’s pivotal role in shaping a prosperous future for society and the planet.

As the ZTSIG Industry Advisory Board’s Chairperson, I am aiming to ignite the conversation with a provocative whitepaper “Zero Trust: Yesterday, Today & Beyond”, available on LinkedIn. The paper delves into the evolution of Zero Trust, examining historical principles, lessons learned, and the challenges and implications of transitioning to a Zero Trust architecture amidst emerging trends. It serves as a touchstone for IT and cybersecurity professionals, revisiting the often-overlooked history of IAM and proposing a trajectory for Zero Trust’s future, complete with recommendations for initiatives and potential solutions to address the identified challenges and opportunities.

The inception of the ZTSIG marks the beginning of a long-overdue discourse on the genuine merits, dangers, expenses, and future development of Zero Trust and IAM at large. Zero Trust has become a potent marketing catchphrase, and its relevance is expected to persist, much like the corporate network perimeters whose demise has been greatly overstated. According to Gartner, by 2026, 10% of large enterprises will have established a mature and quantifiable Zero Trust program. We stand at the threshold of an extensive and costly journey toward a secure IAM framework within an increasingly open and collaborative network ecosystem.

The debate is set to explore the risks tied to Zero Trust, the business rationale for its adoption, the future landscape of IAM, the efficacy of nascent AI-driven technologies, and the contours of forthcoming security architectures. The ZTSIG invites you to partake in this debate, contributing to a collective understanding of Zero Trust and steering its future course.

Join the conversation and help shape the trajectory of Zero Trust in the cybersecurity landscape. 

David Lacey is a former leading CISO, Infosec innovator and founder of the Jericho Forum. He is considered by many to be the Grandfather of Zero Trust.