What lesson can modern-day information and communication technology leaders learn from one of history’s most famous disasters?
The Atlantic luxury liner RMS Titanic was supposed to be "unsinkable" due to the construction of its outer and inner hull and a system of sixteen watertight sections that could be sealed off across the ship.
The unthinkable happened
The Titanic sank on her maiden voyage between Southampton and New York in April 1912. It was not because of its design or any unpredictable outside threat. It simply struck an iceberg and sank.
Why?
When the iceberg hit, it ripped a gash in the hull, breaking through the reinforced perimeter. The next layer of safety was the sealable “watertight” sections, which should have stopped the flooding in theory. But the doors between these sections remained open on that fateful night, allowing ice-cold seawater to flood the luxury liner uncontrolled, resulting in the disaster as we know it.
A source of essential lessons
The investigations that followed the inaugural voyage of the Titanic were instrumental in developing modern-day standards for safety at sea. It influenced ship designs, set rules for the number of life rafts and belts that should be available, and influenced the practices of crews.
In other words, the maritime industry started building what modern-day ICT leaders would one day call implicit and static trust models.
More than designs and standards
Today's highly digitalized and interconnected organizations may not be vulnerable to ice-cold seawater. Still, they are vulnerable to malicious attacks that may result in another kind of "sinking." It is a kind of constant threat, which could be compared to continuously navigating through a maze of icebergs – at top speed.
The likelihood of experiencing security breaches is exceptionally high, even with a well-guarded perimeter. From 2008 to 2021, ransomware has moved from being a negligible threat to accounting for 25% of all data breaches, according to Verizon's 2022 Data Breach Investigations Report.
Zero trust example
This is why, according to Gartner, a growing number of companies are adopting the so-called "principle of zero trust security." This approach to security replaces implicit trust with continuously assessed explicit risk and trust levels based on identity and context, supported by security infrastructure that adapts to risk and optimizes the organization's security posture.
Or, if we return to the metaphor of the Titanic, it is building a culture where all the sealable sections to avoid flooding the ship are continuously kept shut to prevent contamination between various parts.
Rather than being kept open because it's easier and more convenient for employees not to provide identification or passcodes or because legacy systems cannot utilize the security protocols required, all systems require proper identification and do not extend the benefit of implicit trust to anyone.
It means putting security first in every process step, minimizing the damage potential of any threat actor.
Pexip's commitment to the principle of zero trust security
Implementing the principle of zero-trust security cannot be done in isolation. It must be part of the organizational culture, based on a shared commitment to security. Zero trust is not a product or technology that can be bought off the shelf—it is a capability that is rapidly becoming a competitive imperative.
At Pexip, we are committed to powering video everywhere. Safeguarding everything while making systems and solutions interoperable are fundamental principles for our product development and innovation efforts. We have embraced the principle of zero-trust security, not because we do not trust each other but because we believe our commitment to these principles is the best way to earn the trust of our customers.
Read more: How to optimize your zero trust strategy for secure video conferencing.
