Zero Trust: A Smarter Approach to Security
For organizations, supporting remote workers through the pandemic required providing network access across an unprecedented range of locations, devices and connection types. Even as some workers begin to return to offices, it’s a reality that’s here to stay. Many companies understand this and recognize the need for a more modern approach to security.
People and wherever they access apps and data represent the new perimeter. Zero Trust is a security framework that can help safeguard the people perimeter from a growing range of attacks. That’s why it gets so much attention these days and it’s also why a growing number of our customers are working towards rolling it out. Effective Zero Trust implementations offer the potential to minimize potential points of failure while helping to mitigate the increasing number of internal and external security threats.
Recently, I sat down with ESG Research Senior Analyst John Grady for a fireside chat to discuss A Modern Approach to Zero Trust.
Here are a few themes we cover:
1. Validating Identity and Access has Become a Much More Complex Proposition – Today, the majority of organizations use dozens, sometimes hundreds of business applications as part of their operations. Couple that reality with the fact that a hybrid workforce accesses data via numerous connected devices which makes providing identity and application access a much more complex problem than it was even two years ago.
2. Managing Data is as Important as Managing Identity and Access – In its early days, Zero Trust began with a focus on identity and access. Today, however, organizations are increasingly realizing that data access is a key part of the equation to solve for. Once identity and access are adequately addressed, the most effective Zero Trust implementations are ones that incorporate data protection models to provide organizations the ability to deploy dynamic data policies vs. traditional restrictive, all-or-nothing access.
3. Monitoring User Behavior Matters as Well – In today’s reality, a static identity confirmation and application authentication simply isn’t enough. A single user may use multiple networks and devices on a typical day to get their work done. Understanding the context of how a user interacts with data is also key. Ongoing assessment and analysis helps security teams establish a baseline of typical behavior at the user level, which makes it possible for them to identify real-time anomalous behavior when it does occur.
In the time of SaaS solutions and of hybrid and multi-cloud working environments, the shape of enterprise networking has clearly changed. Network security must evolve with it. Zero Trust solutions remind us that users and data are the new digital perimeter – and that the application of practical safeguards and behavior-based controls can help better secure your network without compromising enterprise performance or employee productivity.
Here's a quick preview video where we discuss the importance of continual assessment in a Zero Trust environment:
Watch the on-demand discussion between me and John Grady, A Modern Approach to Zero Trust via the link.