Disrupting ‘Good Enough’ Zero-Trust Cyber Security

Acora was excited to attend the very first Security4Security (S4S) Club conference in London earlier in September 2023.

The S4S club is an innovative and collaborative series of events co-designed by technology providers and security professionals to encourage meaningful conversations around the latest trends, challenges, and solutions within the cyber security industry.

The day featured keynote speeches, workshop discussions, and interactive sessions covering a range of topics. Hosted by thought leaders from across the cyber security industry, including President Biden’s cyber adviser, sessions aimed to share personal journeys, push the boundaries, and challenge any preconceptions.

Acora were delighted to facilitate a workshop on Achieving ‘Good Enough’ Zero-Trust Cyber Security.

Led by Acora’s Simon Crumplin, with contributions from key Acora clients, the session was a hit, sparking curiosity among attendees.

Workshop participants discussed whether it is possible to achieve a definitive “ZERO” or whether accepting that you cannot ever achieve this is an alternative and acceptable approach.

By questioning ‘What is good enough?’ the workshop looked to demystify the industry propaganda about having one of everything, exploring what ‘next-gen’ may look like and how to build a cohesive security strategy that makes sense for your environment.

Delving into the concept of Zero Trust, our clients shared their experiences of what ‘zero trust’ means to their businesses, how they achieved buy-in, lessons learned and what they would do differently.

The key takeaways of the session were that every vendor has a Zero Trust capability and promises to solve all our problems, but the first and foremost lesson from the workshop was the fundamental understanding that Zero Trust is not a one-size-fits-all technology or a ‘magic-bullet’ product you can simply purchase and implement. It is a security model based on a set of strategic principles, and whilst there is not a right or wrong way to develop a zero trust approach, you cannot treat all things as equal. Starting with determining what is critical to the business is recommended and those critical factors (data, assets, applications, services) should be treated as a priority.

Organisations that take an ‘assumed breach’ position as a guiding principle, where offence informs defence, will know the impact to the business, to further drive priority.

In addition, implementing a continuous cycle of measuring, testing and fixing, organisations will quickly detect changes in their security posture, rapidly informing their organisation if their security profile has shifted/drifted for better or worse.

The Acora team were on hand to share with delegates how our ‘Always Be Testing’ service helps organisations ensure their cyber security profile stays on track, please get in touch if you would like to know more.

Finally, a special thank you to our clients for their fantastic and very generous contributions to the Acora workshop, and we would like to extend our wider thanks to everyone who attended, supported, and contributed to making the first S4S conference a huge success!

What a fantastic first S4S event. Thanks to all who attended and participated. A special mention to our two Acora clients who shared their honest and thought-provoking experiences of developing a good enough Zero Trust cyber approach for their organisations. Really great insights into how they are working to continually improve their security postures.

SIMON CRUMPLIN, HEAD OF CYBER PRACTICE (ACORA)