With diminishing enterprise boundaries and users accessing corporate resources remotely, the number of cyber threats is rising rapidly. Approximately 34% of breaches occur due to insider threat actors.
Today’s complex infrastructure cannot rely on traditional security architecture, because remote access by users, the use of cloud services, and the emergence of edge computing mean there is no longer a single defined perimeter. That is why most breaches occur due to a lack of control mechanisms or visibility, with malware moving laterally through the network unhindered.
Enterprises are adopting zero trust security through different initiatives to enhance their security posture. Several leading vendors offer products or services that can secure, restrict, or control access based on the zero trust model. But are these solutions empowering enterprises with a holistic approach to security?
Confusions around zero trust
After the concept of zero trust security emerged, multiple vendors came up with solutions and methodologies that use their integrated product suites to offer zero trust security. Their approach is mostly built around those product suites and what they offer. It does not provide a holistic view for improving security posture, nor does it cater to the enterprise's requirements.
Most of the time, these products do not focus on an integrated approach or on the co-existence of ecosystem security controls, nor on the orchestration of data to influence or control access for a user.
This often creates confusion for the people responsible for the security wellbeing of the enterprise when they strategize zero trust security and choose the correct set of tools.
Zero trust is an approach that cannot be achieved using a single solution, tool, or product. It is rather a methodology, usually designed based on enterprise needs, and always contextualized and fine-tuned based on the business priorities of an enterprise.
Zero trust is all about access to data
Zero trust, a term first coined by Forrester more than a decade ago, has gained more acceptance now.
The zero trust extended ecosystem covers data, network, people, workloads, and devices, along with analytics and automation, to provide visibility and access based on a trust-but-verify approach. These five core elements contribute to building a zero trust model and should be used to measure the maturity of an enterprise’s ability to secure its environment.
The zero trust security model establishes gateways or interception points in the network or data flow path to gain complete visibility and thereby enforce controls. The ultimate goal is to protect data or sensitive information while providing access to users based on their need in that particular context. Figure 1 shows indicative zero trust security use cases across various elements of zero trust.