Never trust always verify

Multifactor authentication  >  Mobile phone verification of a permission request for laptop login.
Aurilaki / Your Photo / Getty Images

Over the last five years, the number of data security breaches worldwide has risen 67 percent and with it, the cost of cyber-crime has alarmingly climbed 72 percent. Threats have become more complex and sophisticated as businesses feel the brunt.  In fact, a staggering 60 percent of SME’s that fall victim to such malicious activity go out of business within six months.

In Australia, a new cybercrime is reported every 10 minutes and over 23,000 businesses were hit in 2019 alone, with more than 9.2 million malware detections recorded up until June, according to research from Stay Smart Online. The total cost of cybercrime in Australia last year (including security professional and systems) is estimated at a whopping $29 billion. The direct cost of attacks is expected to come in at more than a billion dollars, which is projected to grow by more than a quarter next year and top $1.5 billion by the end of 2022.

In the face of this mounting threat, IT professionals are adopting innovative, up-to-date and comprehensive security strategies.  ‘Never Trust, Always Verify’ is one such strategy that is prevailing over bad actors and adverse cyber activity by helping IT professionals maintain necessary levels of protection. 

What is Never Trust, Always Verify?

Never Trust, Always Verify is a framework or model enforced by Forrester, of controlling your data/IT operations and systems. When a connection to a system or data is attempted from the inside or outside of your network, access is restricted without verification. This holistic approach to security relies on a combination of technology and governance to secure your IT environment. There are four core tenants to a Never Trust, Always Verify security model: physical security, logical security, process, and third-party accreditation and certification.

Physical Security

In any form of computing, the physical data center is undoubtedly the epicenter of customer data and the first layer of defense. It must be well maintained in a suitable environment with restricted and controlled access. 

Simple measures like CCTV cameras, access cards and power, cooling and fire suspension measures are there to protect and prevent equipment failure and intrusions. IT professionals must treat their physical data center like they would their own home and ensure it’s  secure and safeguarded at all times. 

Logical Security

Logical security refers to the varied layers of technical configurations and software that create a secure and stable foundation. In reference to layers, logical security is applied at the network, storage, and hypervisor layers. Your position, or that of your cloud service provider, should be to offer as much security as possible throughout each layer. Be sure to consult with your CSP ahead of time to ensure your logical security is being handled properly.

The Process

You can have the most advanced space craft in the world but without the right crew, it would never even get off the ground. No security solution, whether physical or technological, is effective without a qualified and well-trained team. Those managing the systems and operations must understand the controls that protect their respective solutions. You’ll have to invest equally as much time and money on the training of your team as you do on the solutions. Anything less would be like installing a home security system but forgetting to lock the front door. 


Reliable professionals that protect your data are invaluable. With this comes the need for third-party validation and accreditation to ensure data officers can deliver the job at hand.  Consider adhering to some of the following frameworks and standards such as: the Health Insurance Portability and Accountability Act, Health Information Trust Alliance, Statement on Standards for Attestation Engagements, General Data Protection Regulation, Cloud Security Alliance for the Security, Trust & Assurance Registry, Criminal Justice Information Services, and more. 

As the industry continues to evolve and cyber threats become more complex, you’ll need to ensure you are investing in data security and stick to a very clear strategy. The never trust, always verify framework is a great model for eliminating any vulnerabilities within the business.


Copyright © 2020 IDG Communications, Inc.

What is security's role in digital transformation?