Zero Trust: 3 questions to ... Wibu-Systems
Like looking after a sack of fleas
Zero Trust in OT environments requires a rethink, not only in IT but also in operational departments. Oliver Winzenried from Wibu-Systems explains why it is important that Zero Trust should not be understood as mistrust of one's own employees.
Oliver Winzenried is Managing Director of Wibu-Systems.
What consequences does the Zero Trust approach have for the architecture and organization of network security?
Winzenried: In principle, there is a paradigm shift away from perimeter protection to protection at all levels and for all accesses. A 'trusted environment' is becoming an architecture of micro-segmentation, in which essentially every access goes from one segment to another. The validity of the access can then be checked for each of these segment changes. This turns a router into a firewall with many areas.
At Wibu-Systems, we currently have more network areas than employees! The architecture of the network must therefore be virtualized as far as possible.
In addition to user authentication, there is also dynamic monitoring and checking of all (including internal) network traffic. Centralized checking not only against fixed rules, but also by cloud or AI-based services is essential.
What special challenges does Zero Trust pose for OT environments in particular?
Winzenried: The operational technology sector is characterized by a large number of different and heterogeneous devices, some of which cannot be integrated into a management system, or only with great difficulty. A comparison with 'a bag of fleas' comes to mind here.
For a Zero Trust approach, it is nevertheless necessary to fully inventory the devices and, if possible, to authenticate them reliably. With many current devices, this is only possible to a limited extent, as no reliable identifiers are available. To ensure authentication in the long term, the basic cryptography must be interchangeable in order to remain secure in the future (quantum computers).
What should companies bear in mind when implementing a Zero Trust architecture?
Winzenried: When implementing Zero Trust, a general rethink is required not only in IT, but also in the operational departments. Zero Trust should not be understood as mistrust of one's own employees, but rather as a relief and protection of employees.
There should be thorough planning before implementation. The planning should give the company a fresh start - so don't be afraid to completely rethink old structures.
Wibu-Systems is represented at SPS on air.










