At-risk companies in the third sector such as non-profit organisations and election-related bodies can access free zero-trust tools from cybersecurity company Cloudflare.
The company announced today that its Cloudflare-One suite of zero-trust security tools is available for free to a host of public interest groups deemed “at risk” of cyberattack.
Zero trust is an approach to IT security where access to systems or data is denied by default. Unlike perimeter-based approaches to security, in which anyone who has access to a corporate network is presumed to be a legitimate user, zero trust applies access on a case-by-case basis.
Cloudflare gives zero-trust security for companies in the third sector
Organisations will be able to use remote-working tools that connect all employees, applications, partners and volunteers wherever they are located, and specify individual access controls.
“These organisations face constant threats and need to be safe online to achieve their missions, and now they’ll have access to the same security architecture that Fortune 500 companies are using,” said Matthew Prince, co-founder and chief executive officer of Cloudflare.
The third sector has been at the mercy of an intensifying barrage of attacks throughout the last three years. Four out of ten charities surveyed by the UK government in its 2022 Cyber Breach Survey said they had been affected by at least one negative cyber impact in the last year.
One reason for this might be that there is very little engagement with cybersecurity in the third sector. According to a survey released by the NCSC, one in five charities perceive security to be a low priority and 20% said that not a single employee was trained to identify a cyberattack.
Alarmingly, one in ten admitted that cybersecurity is not even on the agenda of the board of their organisation, though many charities know this is an area where they need to improve. Gareth Packham, director of information security and data protection at Save the Children International told the NCSC report: “Our job is not to turn everyone into cybersecurity experts, but they do need to know how to protect themselves, whether that’s using multi-factor authentication or looking out for phishing emails.”
The growing importance of zero trust security
The zero trust framework for security infrastructure and data has been designed to aid digital transformation, explains a report by security company Crowdstrike. “Execution of this framework combines technologies such as risk-based multi-factor authentication, identity protection, next-generation endpoint security and robust cloud workload technology to verify a user or a system’s identity,” the report says.
Zero trust is increasingly popular with tech teams, but the concept is a significant departure from traditional network security which followed the “trust but verify” method. “This model became obsolete with the cloud migration of business transformation initiatives and the acceleration of a distributed work environment due to the pandemic that started in 2020,” Crowdstrike’s report says.
However, convincing C-Suite executives that zero trust is the way forward remains a challenge for CISOs, Olaf Gnade, cyber risk manager at Deloitte, told Tech Monitor last month. “CISOs who are pushing for it would be well advised to think about their communications approach, whether it’s a fear-based angle, or whether you can get them to buy into the new zero-trust philosophy,” Gnade said. “In the end, it’s about protecting the company’s assets, people knowledge, connections, IP and the customers’ trust.”