Zero Trust is Gaining Popularity
How has the Zero Trust Network Architecture evolved since it was first coined in 2010?
Zero Trust Network Architecture has evolved significantly since it was first introduced. Initially, the concept of Zero Trust focused on authenticating and authorizing users and devices before granting them access to the network.
Over time, the concept has expanded with the digital landscape to include the authentication and authorization of applications, data, and devices, both on-premises and in the cloud. The approach has moved from being a network-centric model to an identity-centric model, emphasizing the importance of identity management and continuous monitoring.
Do you believe that technologies that support zero trust are moving into the mainstream?
Yes, definitely. With the increasing number of cyberattacks and data breaches, organizations are looking for more robust and reliable security solutions, and Zero Trust is gaining popularity as an effective approach to securing digital assets.
Do you believe that enterprise IT departments today require a new way of thinking because the castle itself no longer exists in isolation as it once did?
Yes, I believe that IT departments require a new way of thinking because the traditional castle and moat approach of securing the perimeter is no longer a valid singular approach to security in today's complex and dynamic IT environments.
With the adoption of cloud-based services, mobile devices, and remote working, the perimeter has become porous, making it easier for cybercriminals to breach the network. The Zero Trust approach, which focuses on identity and access management, continuous monitoring, and data protection, along with vulnerability management and remediation programs, is a more effective way of securing the digital assets in today's world.
How can companies get started with zero trust?
That is indeed a broad question that can take some time to answer. However, some steps I would recommend that companies can take to start their Zero Trust journey include conducting a comprehensive inventory of their digital assets, identifying their critical data and applications, mapping their data flows and processes, implementing multi-factor authentication and least-privilege access policies, and continuously monitoring and auditing their environment for anomalous activities.
What, according to you, are the limitations of zero trust?
Like any security concept, there are limitations. First is complexity — implementing Zero Trust requires significant resources, including time, money, and expertise, which can be challenging for small and medium-sized organizations.
People who want to consume Zero Trust as a security module must understand this is not an all-in-one solution that you can buy off the shelf — Zero Trust is a concept and there is a lot of work around identifying and documenting internal processes.
Secondly, like Data Loss Protection (DLP), Zero Trust touches the entire organization, changing how people work. Implementing strong security controls, such as multi-factor authentication, can sometimes lead to a poor user experience, which can affect productivity and adoption rates.
Zero Trust can produce a lot of false positives in its early stages of implementation, so companies need to watch out for any loss of productivity due to hard stop rules being implemented. It can also generate an inordinate amount of security alerts that security teams need to deal with, which in turn can mean positive alerts are being ignored.
Finally, implementing a Zero Trust program does not provide foolproof protection against every type of cyber-attack and can be vulnerable to certain types of advanced threats such as supply chain attacks and insider threats.
Therefore, it's important to complement Zero Trust with other security measures such as threat intelligence, incident response, vulnerability management and remediation, and backup and recovery plans.