Why Siemens sees Zero Trust as the security model of the future
Zero Trust: How does this concept fit together with IT/OT and cybersecurity? The expression might be misleading as zero trust evokes a quite negative image in our heads. But let me tell you this: It is actually much better than it sounds, and it brings a lot of advantages. But let’s start from the beginning:
The traditional IT environment is like a secure fortress – everything inside the network is considered trustworthy and everything outside is assumed hostile. Up until now, firewalls, IP addresses and ports were the security perimeter and the basis for determining what resources a user is allowed to access.
But our world is changing … In a time where employees increasingly work mobile, access files from different devices regardless where they are located, and use more and more cloud applications, the security control points must be moved beyond the network.
With all this in mind, Siemens has decided to pave the way for a Zero-Trust-compatible setup within the company. What does that mean in particular? I’ll explain it:
With Zero Trust, in contrast to this traditional IT security practice, no device, user, workload or system should be trusted by default – neither inside nor outside the organization/network. All users and resources must be verified and authenticated. Every access request and all communication behaviors are evaluated in real time.
As you see, the expression “Zero Trust” covers only half of the story. Adding the subtitle “never trust – always verify” exposes the whole potential of the concept: focusing on protecting users, applications, and workloads by authentication and authorization. And this leads to the promised benefits: Zero Trust not only mitigates cyber risk, but also brings more security, flexibility and speed.
This new security paradigm is the key element of long-term modernization objectives and serves as an integrated security philosophy for digital enterprises. And not only Siemens is on the path to a state-of-the-art Zero Trust network– it’s an important trend within the branch. A current research report (2020 Zero Trust Progress Report) found that out of 400 cybersecurity decision-makers for organizations, 72 percent plan to assess or implement Zero Trust capabilities in some form by 2020. Furthermore, 43 percent have projects planned and 29 percent have a Zero Trust model in place or under way.
Within Siemens, the Zero Trust Program, which is a joint initiative of Siemens IT, Cybersecurity and research experts from Siemens Technology in collaboration with the Siemens business branches, finds highest priority and management attention. The vision is to create secure and integrated digital services and to position Siemens as a world-leader in Zero-Trust-enabled products. With the introduction of Zero Trust, Siemens aims to enhance usability and data protection as well as reduce the complexity of the IT and OT environment.
All this makes Zero Trust to the security model of the future for our company.
Cybersecurity at Siemens