A Zero Trust approach to security, where risk is eliminated by removing issues at the surface, is becoming important today with more users connecting to more applications using more devices from more locations. It inherently increases risk at a time when cyber crime continues grow.
For organizations, implementing zero trust means understanding sensitive data and dedicating an area of the network to it. It also means consistently monitoring the environment and mapping acceptable routes for data access.
To help organizations better understand the importance and need for zero trust, Info-Tech recently released a research-backed blueprint, “Build a Zero Trust Roadmap,” to review the basics and offer guidance on how to move away from perimeter-based security.
"For the longest time, security teams have focused on reducing the attack surface to deter malicious actors from attacking organizations. However, I dare say that effort has only made these actors scream 'challenge accepted,'" said Victor Okorie, senior research analyst at Info-Tech Research Group.
"With sophisticated tools, time, and money in their hands, threat actors have embarrassed even the finest of organizations,” he added. “A hybrid workforce and rapid cloud adoption have also introduced more challenges as the perimeter shifted and the internet became the corporate network. A new zero trust mindset needs to be adopted to stay on top of the game and effectively mitigate attacks."
The problem for most organizations when it comes to implementing zero trust is that IT leaders do not have an accurate assessment of readiness or understand the adoption benefits.
"The success of most attacks is tied to denial of service, data exfiltration, and ransom," said Okorie. "A shift from focusing on the attack surface to the protected surface will help organizations implement an inside-out architecture. This approach protects critical infrastructure, prevents the success of any attack, makes it difficult to gain access, and links directly to business goals."
To succeed at zero trust, they need a strategy that is built upon best practices and is supported by business stakeholders. By adopting zero trust, there are the benefits of reduced business risks and the instances of a malicious attack as well as reduced CapEX and OPEX thanks to lower staffing requirements and improved time-to-response.
But, as with any security strategy, success is predicated on consistency and enforcement. It’s not something that can be done occasionally. It should be part of an evolving, repeatable process that leverages all available technologies to protect all attack surfaces.
Edited by
Erik Linask
