What lesson can modern-day Information and Communication Technology leaders learn from one of history’s most famous disasters?
The Atlantic luxury liner RMS Titanic was supposed to be "unsinkable", due to the construction of the ship’s outer and inner hull, as well as a system of sixteen watertight sections that could be sealed off across the ship.
The unthinkable happened
As we know, the Titanic did sink on her maiden voyage between Southampton and New York, in April 1912. Not because of her design, nor due to any unpredictable, outside threat. The Titanic simply struck an iceberg and sank. Why?
When the iceberg hit, it ripped a gash in the hull, breaking through the reinforced perimeter. The next layer of safety was the sealable “watertight” sections, which in theory should have stopped the flooding. But the doors between these sections remained open on that fateful night, which caused ice cold sea water to flood the luxury liner in an uncontrolled way, resulting in the disaster as we know it.
A source of important lessons
The investigations that followed the inaugural voyage of the Titanic were instrumental in developing modern-day standards for safety at sea. They influenced ship designs, set rules for the number of life rafts and belts that should be available, and influenced the practices of crews.
In other words, the maritime industry started building what modern-day ICT leaders would one day call implicit and static trust models.
More than designs and standards
Today's highly digitalized and interconnected organizations may not be vulnerable to ice cold sea water, but they are vulnerable to malicious attacks that may result in another kind of “sinking”. It is a constant threat, which could be compared to continuously navigating through a maze of icebergs – at top speed. The likelihood of experiencing security breaches is extremely high, even with a well-guarded perimeter. From 2008 to 2021, ransomware moved from being a negligible threat to accounting for 25% of all data breaches, according to Verizon's 2022 Data Breach Investigations Report.
Zero trust security
This is why, according to Gartner, a growing number of companies are adopting the so-called "zero trust security paradigm". It is an approach to security that replaces implicit trust with continuously assessed explicit risk and trust levels, based on identity and context, supported by security infrastructure that adapts to risk-optimize the organization's security posture.
Or, if we return to the metaphor of the Titanic, it is building a culture where all the sealable sections meant to prevent flooding of the ship are continuously kept shut, so that nothing can spread between its various parts. Rather than doors being kept open because it's easier and more convenient for employees not to have to provide identification or pass codes, or because legacy systems are unable to utilize the security protocols required, all systems require proper identification and do not extend the benefit of implicit trust to anyone. It means putting security first in every process step, minimizing the damage potential of any threat actor.
A competitive imperative
Implementing zero trust is not something that can be done in isolation. It needs to be a part of the organizational culture, based on a common commitment to security. Zero trust is not a product or a technology that can be bought off the shelf – it is a capability that is rapidly becoming a competitive imperative.
At Pexip, we are committed to powering video everywhere. Safeguarding everything, while making systems and solutions interoperable, are fundamental principles for our product development and innovation efforts. We have embraced the zero-trust security paradigm, not because we do not trust each other, but because we believe our commitment to these principles is the best way to earn the trust of our customers.