Articles about Zero Trust

 More than a decade after the concept of Zero Trust was first introduced, it’s become one of the biggest buzzwords in the industry. According to Microsoft, 96 percent of security decision-makers believe Zero Trust is ‘critical’ to their organization’s success, with 76 percent in the process of implementation currently. 

Zero Trust is on the rise because traditional security models that assume everything inside an organization’s network can be trusted is no longer valid. As enterprises manage their data across multiple applications and environments, on-prem or hosted in the cloud, and as users have more access to data at more interfaces, a network’s perimeter becomes porous and less defined. This causes the threat surface to expand as the edge becomes indefensible. This change has seen many organizations embrace Zero Trust principles to improve their security posture.

Continue reading →

With the decline of the traditional enterprise network perimeter, more and more organizations are turning to a zero trust approach to securing their systems.

This not only reduces the attack surface, it ensures that if an attack does succeed it's much less likely to spread laterally within the network. We talked to Tim Silverline, VP of security at network automation specialist Gluware, to find out more about what implementing zero trust means.

Continue reading →

The corporate infrastructure of US government agencies will soon be transferred to a new network security model called Zero Trust Architecture (ZTA). Last year, U.S. President Joe Biden released an Executive Order on Improving the Nation's Cybersecurity. Later, on January 26, 2022, the Federal Government released a Federal Zero Trust Architecture (ZTA) strategy memorandum that sets the rules for the construction of a new IT infrastructure for government agencies and organizations in accordance with the ZTA strategy.

In this article, I want to look at the fundamental changes that the new paradigm brings, replacing the secure perimeter model, which has so far been the base for the construction of corporate IT systems.

Continue reading →

If you’ve been in cybersecurity, IT, or operations for a minute, you’ve surely heard the term "zero trust." If you’ve been paying attention, the first time it came into use was in 2009. Although the term was defined at that point, it did not come into play in any significant way until nearly a decade later. And that fuss was driven, predominantly, by security vendors. Businesses, and in particular, security teams, were slower to evaluate and adopt zero trust.

First off, it took some time for everyone to agree on what zero trust really meant, what it entailed, and what it would accomplish. Although the term "zero trust" was first coined by a Forrester analyst and was based on ideas set in motion by the Jericho Forum, different individuals and entities tinkered with the meaning to best suit their situation and needs. So before we dive in too deep, a quick level set is appropriate here.

Continue reading →

As companies increasingly move towards hybrid cloud infrastructures, fostering hyperconnectivity across applications, systems, and users, ongoing digital transformation projects are breeding complexity for modern enterprises. This is one of the reasons why devastating ransomware attacks are at an all-time high. Research by ESG found that 76 percent of IT and security professionals experienced at least one ransomware attack in the past year. What’s worse, 82 percent of the victims paid the ransom, with the average payout reaching $495,000.

In most cases, the fear of downtime and critical data loss drives the decision to pay the ransom. However, payouts are rarely the best long-term solution to combat this problem. Instead, businesses should focus on containing attacks and minimizing resulting business damage proactively. And one of the best ways to reach both outcomes, while bolstering business resilience, is with a modern Zero Trust approach to cybersecurity.

Continue reading →

Today’s enterprises have faced a higher pace of change over the last few years, as existing digital transformation strategies were catalyzed by the disruption of a global pandemic that restricted in-person working. The pressures on enterprises to fast-track IT strategies whilst reckoning with increased cyber risk and the competitive need to match other enterprises’ digital transformation has created many challenges for enterprises in maintaining an IT infrastructure that is both resilient and secure.

Overall, this has been a successful endeavor, and many enterprises transformation strategies are well underway.

Continue reading →

At this point in the history of cybersecurity, the concept of a network perimeter seems almost quaint. The perimeter was like a moat or castle wall designed to keep the bad guys out. But the days of employees and all their digital tools residing within an isolated secure area are long gone.

Today, the walls have crumbled, and the moat has dried up. Now we live in a world where people can and do work from anywhere. And they need access to resources that may be located on premises, in the cloud, or even in multiple clouds. The dramatic changes in how people work mean you can’t use location to determine who can and can’t be trusted. Today’s new demands require a new security model. And that model has a name, zero trust.

Continue reading →

A new study from secure access specialist Appgate based on research by the Ponemon Institute finds 60 percent of IT and security leaders are not confident in their organization's ability to ensure secure cloud access.

The survey of nearly 1,500 IT decision makers and security professionals worldwide sets out to examine the pain points experienced in securing cloud environments and how zero trust security methods can enable digital transformation.

Continue reading →

Shadow IT applications acquired without the knowledge of the IT department present problems for businesses as they can create security holes or may not be compliant with industry standards.

The problem isn't going to go away. Gartner reports that shadow IT spending represents 30 percent to 40 percent of the overall IT outlay in large enterprises.

Continue reading →

Without a doubt, cybersecurity will continue to be a topic riding high on the C-Suite agenda throughout 2022. With intensifying trade disputes, an escalating threat landscape, a highly distributed workforce, supply chains stretched to breaking point by the pandemic, and extra pressure exerted by the ongoing effects of Brexit in the UK and other geo-political issues, having a secure, productive, agile and cost-effective security framework in place will be paramount.

It’s evident that today’s enterprises conduct business and use digital technologies in ways that are evolving constantly. This digital transformation is making traditional perimeter-based cybersecurity IT infrastructure redundant. The days when every user and every device operating from within an organization’s premises or firewall could be automatically trusted, are over for good.

Continue reading →

A new study shows 47 percent of security leaders do not believe they will be breached despite the increasing sophistication and frequency of attacks.

The survey of 1,000 IT and security professionals across eight countries, conducted by The Enterprise Strategy Group for Illumio finds in the past two years alone 76 percent have been attacked by ransomware and 66 percent have experienced at least one software supply chain attack.

Continue reading →

More than more than 75 percent of IT leaders surveyed for a new report cite the importance of zero trust in combating mounting security threats and two-thirds plan to increase their budgets for the technology.

The study, conducted by Forrester Consulting for Illumio, finds teams are still fighting to catch up with critical initiatives with over 60 percent of respondents saying they were unprepared for the rapid pace of cloud transformation and migration.

Continue reading →

The trust model of cybersecurity is broken. Since the shift to cloud and the move away from siloed on premise infrastructure, IT environments have grown ever more complex, expanding in both size and variety of components.

Trust is permissible when a small team of engineers is accessing on premise infrastructure. However, in the modern hybrid systems employed by many businesses, trusting the multitude of end points and variables to manually adhere to all authentication measures and preventative procedures is risky. We all know that just one phishing email is enough to potentially lead to a critical data breach. Such incidents can be incredibly damaging for a business: IBM estimated that this year data breaches cost businesses an average of $4.24 million -- a 17 year high.

Continue reading →

The majority of data breaches are down to compromised credentials that allow privileged access to corporate systems, in particular infrastructure secrets such as API keys, certificates, database passwords and access keys.

Keeper Security is launching a new solution to help businesses in securing these secrets. Keeper Secrets Manager is cloud-based, fully-managed and uses innovative security architecture.

Continue reading →

Zero trust has been one of the security buzz phrases of the past year and control of identity and credentials is likely to remain a focus for businesses and consumers alike, especially as the work from home trend looks set to continue.

Here's what some of the experts think the identity field holds for us in 2022.

Continue reading →