Zero Trust

Despite their weaknesses, many organizations continue to rely on a fundamentally flawed traditional security approach that exposes their systems, their data, their users, and their customers to significant risk. Yes, I’m talking here about passwords.

While password practices may have remained a security staple over the decades, the proliferation of digital services offers rich pickings for cybercriminals. Using various methods to gain access to digital accounts, cyber criminals typically target passwords to conduct an attack or account takeover. That’s because passwords are easy to steal and share.

A new study of over 200 CISOs and senior security leaders at organizations with over 5,000 employees shows that 93 percent have suffered at least one cyberattack in the last year and all of them think the security landscape is worsening.

The research from Censys also shows that 53 percent identify the need to secure their organization's entire attack surface as their top priority.

The days when businesses operated within a defined perimeter that could be neatly protected by a firewall are long gone. Today’s enterprises are dynamic. In the era of cloud native, infrastructure is completely distributed -- from the traditional datacenter to multicloud instances, from physical servers and VMs to microservice-based applications and containerized workloads.

This change in how businesses operate necessitates a shift in how we defend. The old adage of "Trust but verify" has been replaced by, "authenticate everything all the time," otherwise known as "zero trust". Zero trust dictates that security teams must focus on each of the connection points on the network -- from the datacenter to the cloud to the endpoint, every connection must be verified and authenticated.

Hybrid cloud and hybrid work have changed where and how we access systems, challenging organizations to find ways to secure the enterprise while delivering the best user experience.

While cloud-delivered Zero Trust Network Access (ZTNA) solutions are now widely adopted to secure remote work, they don't deliver the application performance and inline policy enforcement needed for workers at the office.

Enterprises are faced with a barrage of new threats and entry points and as a result need to deploy, scale, enforce and maintain zero trust security policies to keep pace.

Access control needs to be at the core of any successful zero trust model but this too presents challenges. We spoke to Denny LeCompte, CEO of Portnox, to discover how organizations can overcome zero trust barriers.

Many organizations have come to rely on Zoom as a means of connecting employees and customers in a hybrid environment.

But this comes with challenges when it comes to keeping meetings secure without harming productivity. Identity management platform Okta is launching a new identity verification feature that will authenticate Zoom meeting attendees in End-to-End Encryption (E2EE).

Growing numbers of cyberattacks have highlighted the shortcomings of passwords and legacy multi-factor authentication systems.

Beyond Identity today launches Zero Trust Authentication, which has been developed in response to the failure of traditional authentication methods. It includes components such as Beyond Identity's risk scoring and continuous authentication capabilities to significantly enhance the level of protection offered.

Technology continues to advance at an unprecedented rate. The development and use of Application Programming Interfaces (APIs) being a particularly notable example.

The latest Salt Labs State of API Security report found that overall API traffic increased 168 percent over 12 months, with API attack traffic increasing by 117 percent in the same time period. Perhaps understandably, many CISOs are struggling to keep up.

In today’s mobile and cloud-first world, zero trust has become a key requirement for organizations looking to secure the digital infrastructures where their applications, data, users and devices reside.

There’s little doubt that COVID-19 changed the rules of the game where enterprise security is concerned. Historically, security models were based on 'castle and moat' style architectures where the enterprise’s network and data center were guarded by firewalls on the perimeter. When users left the 'trusted' enterprise network, VPNs were used to extend the enterprise network to them.

Trust in corporate networks has never been more important. The rapid adjustment to more distributed workforces -- and an associated explosion of devices -- has dramatically increased cyber threat levels. As a result, Zero Trust has emerged as the de facto cybersecurity framework for operating in the business.

The NCSC (National Cyber Security Center) defines a Zero Trust architecture as "an approach to system design where inherent trust in the network is removed. Instead, the network is assumed hostile and each access request is verified, based on an access policy."

A new set of zero trust email security solutions from Cloudflare are aimed at protecting employees from multichannel phishing attacks, preventing sensitive data from being exfiltrated via email, and helping businesses speed up and simplify deployments,

Compatible with any email provider, the protection is integrated into Cloudflare's platform, helping to secure all of an organization's applications and data.

Over the past couple of years enterprise security teams have faced a number of challenges, not least the shift to more remote and hybrid working.

This has driven forward plans to adopt automation and technologies like zero trust. So, what changes can we expect to see as we move forward into 2023?

More than 90 percent of organizations migrating to the cloud have implemented, are implementing, or are in the process to implement a zero trust architecture.

But a new study from Zscaler shows only 22 percent of global IT decision-makers claim to be 'fully confident' that their organization is leveraging the potential of their cloud infrastructure, presenting an opportunity for zero trust.

The COVID-19 pandemic ushered in a new era of remote and hybrid work that many of us knew was possible, but felt was years away from being realized. Now, we can work anywhere in the world asynchronously, with access to the documents and tech stack required to do our jobs as we would in an office setting.

While this has helped create a better work/life balance for many employees, this corporate culture shift has created a host of new challenges for cybersecurity teams. The increase in endpoints, with an increasing number of devices accessed remotely, requires a higher level of security to tackle growing online threats. How can IT teams champion hybrid workflows in an untrustworthy digital landscape? Fortunately, there is a solution to this problem -- a zero-trust architecture.

A new survey of 150 federal cybersecurity leaders finds that 73 percent of respondents feel a lack of foundational data protection efforts puts their agency at risk.

In addition the research, from data protection provider Zettaset, shows 77 percent say that siloed systems that lack visibility make it difficult to properly protect critical assets. It's not surprising then that 57 percent report experiencing multiple data breaches over the past two years.