Why Relationships Matter: The Missing Link in Zero Trust

Accurate inventory of your IT assets is widely regarded as the crucial underpinning of any successful automation, operational improvement, or security program. Without understanding your environment, you cannot hope to protect, operate or successfully orchestrate it. 

However, when we think of inventory we too often think of things including systems, services, users, and even data. An accurate understanding of your things (or nodes as we call them in the vArmour Relationship Graph) is necessary, but it is insufficient. As important to every single effort to manage operational or cyber resilience is an accurate understanding of the relationships between things. This is because relationships form the basis of all modern IT architectures and the modern digitized business and societal systems they support. Unfortunately, a lack of understanding and enforcement of relationships is also the root cause of almost every successful cyber attack, and the root of many of the most pernicious operational failures.

In order to illustrate the importance of relationships, let us first consider the world before ubiquitous networking by traveling back to the 80s: In the 1980s, many business processes were delivered using non-networked systems with static inputs and outputs. Every organization had a good idea of their computing inventory  but did not need to worry too much about cyber and operational resilience beyond physical access controls, and physical recovery processes because systems were not interconnected. Taking inventory of your things was necessary, sufficient, and simple.  

Fast-forward three decades: Ubiquitous networking has transformed our technical architectures, the business landscape, and our social behavior. The Web introduced Service Oriented Architectures (SOA), which yielded interconnected systems and data. APIs exposed services which could be consumed to create the digital economy. Cloud adoption accelerated this process by supporting new computing models, decomposition of systems and services, mobile access, and the emergence of data as the most valuable and sought after commodity. 

We do indeed have more things, and they are far more heterogeneous, temporal, and virtualized. But, the biggest revolution has been in connectivity and in relationships. Relationships between systems, businesses, and every single thing and person on the face of the earth.

The importance of the relationship is recognized within the Zero Trust Architecture which is essentially a discipline to address the downsides of ubiquitous, open connectivity provided to us by TCP/IP networks over the past thirty years. Zero Trust tries to achieve this by ensuring that only necessary or good relationships are permitted. 

This is why the relationship is the most important part of our inventory because without an accurate understanding of each required relationship within our complex systems it will be impossible to attain Zero Trust without either:

  1. Undoing the digital transformation brought by immediate, open, ubiquitous networking by introducing brittleness and friction; or 
  2. Failing to address the security threats which are being continuously exploited against our highly interconnected digital infrastructure.

Knowledge of relationships enables organizations to implement the Zero Trust permissions required to safeguard their business and our digital society. At vArmour, this is why we spend our time ensuring that our customers understand the myriad of digital relationships underpinning their businesses, in a manner that enables them to reduce their cyber and operational risk—by implementing Zero Trust and managing their application dependencies proactively. We observe complex enterprise networks, identify the things that are actually present, and describe the relationships binding the system together in a way that enables organizations to take action to proactively reduce their risk. 

In a digitally connected world, relationships must be a high order consideration of any inventory. That is why we say “Relationships Matter.”


Read More
June 17, 2024
Reflections on Resilience: The Properties of Resilient Systems and Their Business Benefits
Read More
April 18, 2024
Reflections on Resilience: Digitalization and ‘Errors of the Third Kind’
Read More
April 2, 2024
What the Financial Services and Markets Act means for Technology Resilience

Timothy Eades

Chief Executive Officer