Why It's Time to Stop Putting off Zero Trust

Studies show that remote working is here to stay. While many organizations have been keen to return to a more traditional workplace, over a third of UK workers are still working from home at least part-time. The work-from-anywhere model is the new norm, and it’s brought with it a host of security challenges – including a notable uptick in unmanaged endpoints (think: laptops, mobile phones, etc.), newfound threat vectors and vulnerabilities and heightened complexity in the cloud.  

Today, businesses increasingly turn to a zero trust approach to combat these obstacles. Zero trust is not a specific solution but a mindset. The zero trust methodology emphasizes an “assume breach” philosophy – where firms behave as though an adversary already has access to their network environment instead of focusing solely on prevention at the perimeter. 

With ransomware and cyber-attacks on the rise, we know that it’s not a matter of if bad actors will break through perimeter defenses but a matter of when – if they’re not inside your data center, networks or cloud environments already. So as organizations look to bolster business resilience and enhance cyber maturity in the weeks to come, here’s what you need to know about the current state of zero trust – and where your organization can get started.   

Why Zero Trust – Why Now? 

Organizations pour more money into cybersecurity every year, yet we’re witnessing more catastrophic breaches than ever before. Worryingly, 63% of security leaders reported that they were ‘unprepared’ for the accelerated move to the cloud – resulting in a plethora of mismanaged endpoint devices and low visibility across cloud and data center environments. 

Now, as we watch threats evolve and breaches become even more devastating, the need for organizations to get started with zero trust strategies has never been more apparent. It’s clear that organizations need to focus on preventing breaches from happening in the first place (i.e., prevention at the perimeter) and on limiting their impact when they inevitably do occur.  

The Common Obstacles to Zero Trust  

While 75% of decision-makers recognize the importance of zero trust, only 33% have plans in place to deploy zero trust technologies. One of the most widespread barriers to zero trust progress is misunderstanding how to get started with zero trust. For example, when it comes to micro-segmentation, a critical pillar of achieving zero trust at any scale, two-thirds of firms say their internal teams lack the time, subject matter expertise and skills to implement best practices for micro-segmentation. Also, 44% of leaders report that their teams struggle to identify and design the most appropriate zero trust pilot for their organization.  

Education across internal teams is an essential first step in helping your organization achieve zero trust success. While it may seem daunting to determine how your organization should get started with zero trust today, here are a few key things to keep in mind when ironing out your strategy.  

Taking the First Step 

Visibility is the first step of a zero trust strategy. Organizations need risk-based visibility into the communications and connections happening across their environments to better assess and understand top risk priorities. Whether that’s identifying where bad actors could take advantage of vulnerable points in infrastructure (i.e., can somebody access my business-critical database?), pinpointing if they already have or highlighting and mitigating other potentially risky activity (think insider threats: sometimes employees don’t realize they’re clicking on risky links or opening vulnerable files) before it can become a threat to the business.

From there, put “assume breach” into practice. Secure your organization’s critical assets by building zero trust security controls and policies around the most at-risk pathways. Limit access proactively – either starting with mission-critical assets or working on protecting larger environment-based segments and leverage tools like micro-segmentation to contain threats and minimize business impact post-breach. 

Lastly, account for scale. As your business grows, you can expect the threat landscape to evolve and widen as well. As you build out your zero trust plans, ensure that you’re accounting for solutions that enable business growth while limiting risk exposure.  

An incremental approach to zero trust, which helps reduce risk and bolster cyber resiliency now, is the best path forward. Although the scale of a full zero trust transition can be intimidating at first, by starting small and prioritizing projects that will deliver the most significant impact, firms can – and should – start turning zero trust plans into a reality today.  

What’s Hot on Infosecurity Magazine?