Is zero trust the answer to safeguarding your business?
A 2022 Forrester Opportunity Snapshot reports that 83% of Australian and New Zealand firms say zero trust is the future of their organisation’s security.
Yet, despite this enthusiasm, Forrester also reports that 48% of zero trust leaders felt that “their stakeholders struggled to understand the business value of adopting a Zero Trust approach.”
How did we get to the point where zero trust became a thing?
In the past, the normal approach to network security was to trust all users and endpoints within your organisational perimeter, but verify them. However, this put your organisation at risk from internal bad actors as well as external bad actors using legitimate but stolen user credentials for their own malicious purposes.
With the advent of the pandemic came a new raft of challenges posed by remote workers, hybrid cloud environments and ransomware threats. For many, their security perimeter started to look like the Wild West – full of bullet holes and baddies.
So, that was then. What about now?
By comparison, zero trust is an approach which stops users (from inside or outside your network) from accessing your applications or data unless they first pass through a process of authentication, authorisation, and continuous validation for security configuration and posture. Unless they meet all these conditions, they do not pass ‘go’.
In recognition that these days there is no traditional network edge, the zero-trust model turns around the traditional approach from the simplistic ‘trust but verify’, to ‘continuously verify multiple times and ways in real time, evaluate the risks, assume there’s an attacker already lurking in your environment, and never, ever implicitly trust!’ So, it’s quite the turnaround.
The zero-trust concept actually dates back some 20 years, but the term wasn’t popularised until 2010, when it was used in a presentation by a Forrester Research analyst. Things really started to heat up, though, when, in its 2021 "Zero Trust Adoption Report", Microsoft said: “96% of 1,200 security decision-makers who responded said zero trust is critical to their organizations' success.” The report pointed out the need for increased security, compliance agility, speed of threat detection, and remediation as top drivers for adopting zero trust.
Winning hearts and minds through business value
It’s important to realise that zero trust is a philosophy. It’s not a product. And like many philosophies, it can take some time and effort to gain mindshare.
So, what will help sway the minds of your stakeholders? Perhaps knowing that business benefits range from a more empowered employee experience, to improved monitoring and alerts, to streamlined security policy creation, and the improved ability to prevent data loss or theft, might bring a smile to their faces.
If you’re thinking about a zero-trust strategy – from architecture to implementation – feel free to ask us where to start.