1 minute read
Zero Trust Adoption is a Continuous Process
Emad Fahmy, the Systems Engineering Manager for Middle East at NETSCOUT, says perimeter-based networks no longer possess the requisite access controls to be able to detect or prevent cyberattacks
How has the Zero Trust Network Architecture evolved since it was first coined in 2010?
Advertisement
The term 'Zero Trust' refers to a unique architectural approach to enterprise security in which inherent network trust is eliminated, the network is presumed hostile, and each request is examined based on an access policy. Over time this model has evolved from network-based perimeters to a sophisticated model based on users, assets, and resources.
Do you believe that enterprise IT departments today require a new way of thinking because the castle itself no longer exists in isolation as it once did? Traditionally, the most effective method for defending organizations against potential vulnerabilities consisted of establishing a strong exterior perimeter, a boundary between an organization's internal network and the neighbouring external networks. This premise, however, is no longer applicable today. With the rapid proliferation of cloud solutions and the rise of remote and hybrid workforces, the enterprise network and threat landscape has drastically transformed over recent years. Perimeter-based networks no longer possess the requisite access controls to be able to detect or prevent cyberattacks, due to the ever-growing threat surface and evolution of attack vectors. Cloud-based and remotely accessible infrastructure enable anybody to work and communicate from any location and on any device, but it is vital to time, universal solution. Industry experts have warned that cyber-attacks will be focused on techniques that zero trust controls can’t mitigate. guarantee that access is secure and centrally managed. This is where zero trust come
What according to you are the limitations of zero trust?
The concepts of zero trust are still being evaluated and tested. It needs to cater specifically to individual organizations, and this requires a lot of understanding and maturity.
The disconnect between the Board of Directors and CISO in an organization on risks to the organization just adds to the confusion. I would believe that the limitations are only from the clarity of definition and scalability that can be adopted by organizations that are lacking today.
How can companies get started with zero trust?
Implementing and developing a Zero Trust model takes time and is an ongoing process of enhancements and adjustments. It requires the collaboration of multiple technologies, including multifactor authentication, endpoint security, and identity protection. As organizations begin and refine their Zero Trust architecture, their solutions increase in reliance on comprehensive visibility and monitoring, automated processes and systems, and integrating more fully across pillars, becoming more dynamic in their policy enforcement decisions.
