In the fast-evolving landscape of cyber threats, South African companies face a growing challenge to secure their digital assets. As businesses become more interconnected and data-dependent, the need for a robust cyber security strategy becomes paramount. One approach gaining traction globally is the concept of Zero Trust.
At its core, Zero Trust challenges the traditional notion that entities within a network should be implicitly trusted. Instead, it advocates for a continuous verification process, ensuring that trust is never assumed, and security is upheld at every interaction. In simple terms, Zero Trust is based on the premise that everyone and everything requesting anything in your IT environment must be verified before it can be trusted.
South African companies operate in an environment where cyber threats are not only increasing but also becoming more sophisticated. Traditional security models, built on the assumption of a secure perimeter, are proving inadequate in today’s dynamic threat landscape. This realisation underscores the need for a strategic shift – one that aligns with the realities of modern cyber security challenges: Zero Trust.
Zero Trust is undoubtedly gaining strong interest, with industry research indicating that 60% of organisations are planning or actively implementing a Zero Trust strategy. However, according to Gartner research, although many organisations have a Zero Trust strategy and are working to implement Zero Trust technologies, few are mature. A lack of integration across security products makes it hard to achieve end-to-end Zero Trust deployment, and organisations that have adopted Zero Trust struggle to verify an improvement in their security posture because there are no effective methods to measure the impact.
Despite the complexities, cyber security professionals unanimously advocate for a Zero Trust approach, or at least a journey towards it.
What makes Zero Trust appealing is that implementing it doesn’t mean you have to overhaul your existing systems. Instead, it involves a strategic, phased approach that aligns with the unique needs and constraints of your business.
Cyber resilience and Zero Trust are not just technological imperatives; they are also critical legal considerations. From a legal standpoint, companies must ensure that their cyber resilience strategies align with regulatory requirements and industry standards. This involves not only implementing robust security measures but also documenting these efforts to demonstrate compliance with data protection laws such as the Protection of Personal Information Act, 2013 (POPIA) (South Africa’s prevailing law on privacy protection) and any other privacy laws around the world that could apply to a company’s use of personal information (e.g., GDPR, UK Data Protection Act, the CCPA, and others). Failure to do so can result in severe legal consequences, including fines, penalties, and reputational damage.
As mentioned above, Zero Trust architecture requires a meticulous approach to access control and data management (see “User-Centric Security” described above). From a legal standpoint, this approach is invaluable as it minimises the risk of unauthorised access and data breaches, which are central concerns under many data protection regulations. Organisations must establish clear policies and procedures for identity verification, continuous monitoring, and incident response. These policies should be regularly reviewed and updated to keep pace with evolving cyber threats and legal requirements.
Additionally, the risk flagged above on “Vendor and Supply Chain Security” raises the legal consideration that contracts with third-party vendors must reflect a commitment to cyber resilience and Zero Trust principles. This includes incorporating specific clauses that mandate adherence to stringent cyber security standards, regular security audits, and immediate notification about security incidents. Such provisions help mitigate legal risks and ensure all parties are equally committed to maintaining robust cyber security postures.
It’s important to remember that Zero Trust, like all cyber security approaches, is not a silver bullet and it alone cannot eliminate all cyber threats. Cyber security is multi-layered and any good cyber security practice will advocate overlapping layers designed to work together to detect and stop intrusion. Zero Trust must, therefore, be complemented or supported by a holistic cyber security strategy to be fully effective.
In a digital landscape fraught with uncertainties, applying at least the basics of a Zero Trust strategy is a step towards a resilient cyber security posture for South African organisations. It’s not just about preventing breaches but building the ability to adapt, respond, and recover swiftly from any security incident. Resist the temptation to chase the latest cyber security trends and stick to the basics.
Integrating legal perspectives into cyber resilience and Zero Trust strategies is crucial. By aligning security measures with legal requirements and ensuring contracts with third parties include stringent cyber security obligations, organisations can better protect themselves from cyber threats and legal liabilities.
When embarking on a Zero Trust journey, organisations should adopt a pragmatic approach aligned with their unique, evolving threat landscape. To fully understand the nuances and design a journey tailored to your organisation’s needs and goals, partnering with an expert can help you navigate this shifting digital terrain with confidence.
Cyberlogic is a trusted Managed Solutions Provider specialising in IT leadership, cyber security, business intelligence, and cloud solutions. For almost three decades, we’ve delivered transparent, open guidance to help our clients improve their technology processes, grow their businesses, and secure their data. To find out more about our comprehensive cyber security solutions, reach out to the ENS Team below.
The Technology, Media, and Telecommunications (TMT) team at ENS has a diverse combination of specialist international skills, experiences, and backgrounds, which allows each of our lawyers to view your situation from a different vantage point. This means we can provide you with a multi-faceted, comprehensive offering. Our key differentiator is our understanding and knowledge of business challenges and intricacies in the TMT industry. This enables us to provide practical advice to TMT service providers and customers as we shape our services to meet your precise needs. For more information, visit ensafrica.com.
Reviewed by Ridwaan Boda, an Executive in ENS’ TMT practice.
Co-authored by:
Priyanka Raath
Senior Associate | Technology, Media and Telecommunications at ENS
Roscoe Petersen
Head of Cyber Security | Cyberlogic