Though cybersecurity is a constantly evolving element of business, with new threats and innovations always on the horizon, businesses and organisations in Uganda are hard-pressed to invest in the right solutions. Solutions that are both future-proof – compatible with existing and upcoming technologies – and comprehensive enough to mitigate threats against all of their infrastructure. This is where Zero Trust security comes in. Not just as a concept, but as a whole new way of approaching IT security.
According to the 2022 State of Zero Trust Security whitepaper by security firm Okta, 97% of surveyed companies worldwide either have a Zero Trust security initiative in place or will have one in place within the next 12 to 18 months, up from just 16% of companies in 2019. In January last year, the US government mandated its agencies to implement a Zero Trust architecture strategy by 2024 to reinforce their defences against cyberattacks, declaring the federal government could no longer rely on conventional protection for critical data and systems.
With so much focus on Zero Trust security, it’s worth taking note of what the approach entails, what’s driving its popularity, and the challenges and benefits that come with Ugandan enterprises adopting it.
Changing landscapes
Along with the rest of Africa, Uganda is under growing pressure to confront the threat of cybercrime. The number of reported incidents nationally is on a double-digit year-on-year rise, while many African companies have indicated they are unprepared for large-scale cyberattacks.
But, as this threat grows, organisations are beginning to understand what they need to do to mitigate it. This is reflected within both the public and private sectors. Uganda is guided by the policy directives such as the National Cybersecurity Strategy that aim to protect ICT infrastructure, improve the country’s threat preparedness and response capabilities, and build a safe and trusted digital economy. Meanwhile, more and more businesses are implementing data protection and governance approaches, as well as establishing robust frameworks, under which Zero Trust would fall.
Zero Trust represents a significant move away from the traditional perimeter-based security strategies that many enterprises employ. Solutions such as firewalls are no longer sufficient as hybrid cloud infrastructure becomes the norm and more cloud services become available in Uganda. If we are to build a thriving digital economy, those services will be instrumental, and their protection essential.
A shift in focus
Essentially, Zero Trust allocates access to network infrastructure and data based on the identity and roles of organisation employees. It makes authorisation and authentication an always-on process, restricting access to data and resources by default and ensuring every interaction between users, devices, and accounts adheres to established security criteria.
Digital transformation has contributed to the shift in focus towards Zero Trust security. As consumers and enterprises increasingly use digital products and services, IT systems and workforces become more decentralised and spread out across entire regions. For instance, while many African companies are still predominantly single-cloud users, more will likely move to multi-cloud and hybrid-cloud solutions in the next few years.
Implementing a Zero Trust security framework is no easy task. Once the entire organisation has committed to it, IT and security teams need to catalogue their resources, assign access levels based on roles, eliminate common-place vulnerabilities, establish workloads across devices and environments, and dictate their activity and movement. And, keep in mind, while a Zero Trust approach is becoming more ideal, businesses can still suffer weaknesses such as user credentials being compromised. This emphasises the importance of employee awareness and promoting a culture of security.
Trust where it matters most
There are several benefits to enterprises having a Zero Trust approach to their security. Such frameworks allow them to not only evenly enforce security policies across their IT ecosystem, but also gain additional insights into that ecosystem. They can unlock improved network performance thanks to minimised traffic, respond to anomalies or attacks much quicker, and implement a straightforward logging and monitoring process for their devices and users.
Zero Trust is possible with the right solutions and expertise. Those enterprises using managed services can turn to their vendors for the help they need. For those who are just beginning to build their IT infrastructure, vendors can help embed the necessary security into it and provide long-term value in the face of continued digital transformation. By investing in the solutions that make a difference, Ugandan enterprises can be ready for anything. All it takes is trust where it matters most.
===========================================================================================================================================
The author, Mr. Patrick Ndegwa is the SEACOM Business Sales Lead for SEACOM East Africa
Discussion about this post