Zero Trust Adoption Increases During Lockdown

The adoption of a zero trust concept of security defense has increased due to increased remote working as a result of the COVID-19 pandemic.

According to recent polls by Deloitte, 37.4% of security professionals say the pandemic has sped-up their organizations’ zero trust adoption efforts.

In particular, cybersecurity professionals say zero trust adoption is often driven by the framework’s ability to help manage cyber-risks including workforce risks like remote work and insider threats (35.7%) and third party risk (24.8%).

Commenting, Thomas Hatch, CTO and co-founder at SaltStack, said the COVID-19 shift has heightened the liabilities that employees have around trust and authentication, and “allowed for easier infiltration by foreign actors and makes internal threats much easier.” He claimed BYOD and distributed work, on distributed networks, greatly heightens the risks to businesses.

Asked which has posed the greatest challenge organizations’ adoption of zero trust, a poll of 1036 professionals found 28.3% cited a lack of appropriately skilled professionals, and 28.1% cited a lack of required budget.

Jonn Callahan, principal application security consultant at nVisium, said: “Within modern micro-service deployments, traditional edge-oriented security practices are obsolete. Should an attacker gain access to the internals of a micro-service architecture that does not implement zero trust, it is game over for any defense controls in place; the attacker will likely have carte blanche read and write access to all data handled by the architecture.

“Additionally, I've personally spent years negotiating, arguing and occasionally, fighting with security operations teams on their insistence that security controls only need to be implemented at the edge, regardless if you are running modern or legacy systems. This approach is akin to leaving the bank vault door open 24/7, while pointing to the locked front door as a sufficient control.”

What’s Hot on Infosecurity Magazine?