Overhauling Zero Trust: How to enforce the security you need
The need for organizations to recalibrate and reprioritize their Zero Trust efforts has been abundantly clear for years, and recent vulnerabilities like those with Microsoft Exchange and Google Chrome have further magnified the need for improvement. However, the conversations surrounding how to mitigate these threats and adopt a framework of actual Zero Trust have become increasingly oversaturated.
Rather than throwing around industry buzzwords and "talking the talk," the cybersecurity community must understand that the luck they’ve encountered playing one of security’s most dangerous zero day games is likely to run out in short order. Instead, they must focus their efforts on "walking the walk" by implementing a model of Zero Trust. Thanks to a recent industry survey and accompanying report, there are a handful of trends that are already in motion as organizations and cybersecurity professionals alike work towards adopting a true Zero Trust environment.
Getting Lapped: Numerous Hurdles for Zero Trust
Although the benefits of Zero Trust are immense and necessary, there are often numerous hurdles that organizations face while on the path towards adoption and implementation. First and foremost, industry professionals simply lack confidence when it comes to Zero Trust projects. Nearly 40 percent of survey respondents noted that they were not confident in applying Zero Trust in order to provide secure access to their architecture.
As a result, their organizations continue to fall further and further behind. 70 percent of professionals admitted that their organizations don’t have a single Zero Trust access project currently underway or already in place. Even more shockingly, 21 percent of which admitted they have no plans for Zero Trust access.
Additionally, offering too many privileges can often lead to too many problems. When asked about access challenges, over-privileged employee access (61 percent) is the top concern for organizations, followed closely by providing secure access to partners (53 percent), cyber attacks (46 percent), and shadow IT (43 percent). That being said, all hope is not lost on the Zero Trust horizon.
Moving the Needle: Adoption & Implementation Priorities
Despite these challenges and knowledge gaps, Zero Trust still remains top of mind for IT and security teams. More specifically, almost three-quarters of respondents said they are planning to adopt a cloud-based Zero Trust solution in the next 18 months. So what are the most common reasons behind this sudden change of heart in 2021? Well, most notably, an increased emphasis on data protection (85 percent), breach prevention (70 percent) and reducing insider, endpoint, and IoT security threats (49 percent).
Once implemented, professionals are eager to use a variety of solutions in tandem with their shift to Zero Trust in order to accomplish these goals. For example, over the next year, multi-factor authentication (60 percent) is by far and away the biggest priority, but both privileged access management (PAM) and microsegmentation tools aren’t far behind (40 percent). However, regardless of the solution being utilized to enhance an organization’s security posture, the most important thing is that as many professionals become aware of Zero Trust’s importance to overarching cybersecurity goals for both 2021 and beyond.
Ready or Not: Here comes Zero Trust
The writing is on the wall: Zero Trust is here to stay whether organizations are fully prepared or not. However, by educating themselves on the unique considerations that each environment will require, security professionals and business leaders can gain the confidence necessary to successfully adopt Zero Trust within their organizations and finally get ahead of the security curve. After all, even though many have unfortunately learned the hard way in cybersecurity’s most dangerous game, recognizing others’ mistakes and implementing a few simple steps can enhance security postures
Jeff Hussey is Co-Founder, President & CEO, Tempered Networks