June 28, 2021

The emergence of Zero Trust architecture in cybersecurity

By GlobalData Technology

Zero Trust originated from an IT market research house back in 2009, so the concept has been around for a while. However, uptake has accelerated and it has become mainstream in the last couple of years, driven by the evolution of modern digital enterprise network environments and the shift of network access and workloads away from the enterprise network perimeter.

Zero Trust’s architecture framework is based on the premise that “trust itself” in an enterprise network is a vulnerability in its own right, and that to protect and fortify enterprise network environments, cybersecurity framework strategies should be implemented on the notion that “no one can be trusted”. The thinking behind this is that once any user on the network is trusted (which can include threat actors), they are then free to move around anywhere in the enterprise network environment.

Technicalities of Zero Trust

From a technical perspective, Zero Trust design concepts for the modern digital environment are based on network segmentation, eliminating any kind of lateral movement, enforcing Layer 7 threat prevention, and simplifying user access control.

In practical terms, organizations implementing this can home in on their most critical data and applications across their network and use them as a reference point. Once this is clearly identified, all possible permutations of traffic movement in relation to the reference point, who the users are, and which applications are involved can be analyzed to enforce policy. The result is some form of microperimeter placed around the reference point, irrespective of where it moves.

Vendors hear the buzz

In terms of the vendor market landscape, Zero Trust is a real buzzword among leading vendors as they attempt to offer comprehensive solutions securing access across networks and applications, and across users, end-user devices, IoT, containers and microservices, to name a few.

Vendors like Palo Alto Networks are providing full-lifecycle security, including context-based policies, ML-powered security, endpoint security, and greater automation to prevent threats in multi-cloud and hybrid-cloud environments. At the other end of the scale, Cisco is positioning its strengths in network firewalls, endpoints and advanced malware protection within a comprehensive Zero Trust framework, to deliver solutions that help global enterprises implement the architecture.

Why a strategic approach is needed

GlobalData’s interactions with end-user companies have determined that the majority of enterprises are in the strategy phase with respect to Zero Trust. Additionally, our research has highlighted that a large number of companies feel that Zero Trust is difficult to implement, time consuming and costly. One reason for this, as identified by GlobalData, is that enterprises see Zero Trust as the answer to their complete list of cybersecurity requirements, and consequently approach a Zero Trust strategy with a view to addressing many aspects of their cybersecurity environment.

However, in reality a number of hurdles stand in the way of full success. These include internal organizational pushback, difficulty in implementing policies and procedures, the legacy nature of existing network environments, and uncertainty about how to approach Zero Trust.

Ultimately, what is required by enterprises is careful planning and a tiered strategic approach to implementation in the short term. Considerations for organizations implementing Zero Trust can include:

  • Defining a Zero Trust architecture strategy that is part of the wider digital transformation strategy for the business.
  • Possessing a clear network and cybersecurity technology roadmap that underpins the strategy.
  • Starting small and focusing on key areas initially. As an example, this can cover i.) implementing Zero Trust network access (ZTNA) or software-defined perimeter (SDP) in use cases like secure multi-cloud access and VPN alternatives, and ii.) implementing workload-to-workload identity-based segmentation in the back-end network.
  • Implementing strong authentication.
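The microperimeter idea from the "Technicalities of Zero Trust" section and the workload-to-workload identity-based segmentation and strong-authentication items in the list above come down to the same mechanism: a policy decision point that evaluates every request on identity, posture and target application, and that never treats network location as a reason to allow. The following is an added illustration written for this page, not code from GlobalData or from any vendor named here; the policy rules, the `spiffe://corp/...` workload names, the application names and the sample requests are all constructed for the example.

```python
"""
Added example: a minimal default-deny Zero Trust policy decision point.

Every request, whether from a human user or a back-end workload, is checked
against identity, device/workload posture and the target application
(the "reference point" the microperimeter protects). The network the request
arrives from is carried along only so the example can show that it is ignored.
All identities, rules and requests here are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Principal:
    id: str                      # user name or workload identity (SPIFFE-style URI)
    kind: str                    # "user" or "workload"
    groups: frozenset = frozenset()
    mfa: bool = False            # strong authentication satisfied (users)
    posture_ok: bool = False     # device or workload health attested
    network: str = "internet"    # origin network; deliberately never a trust signal


@dataclass(frozen=True)
class Request:
    principal: Principal
    app: str                     # protected asset, e.g. "payroll-db"
    action: str                  # e.g. "read", "write", "connect"


@dataclass(frozen=True)
class Rule:
    app: str
    actions: frozenset
    allowed_ids: frozenset = frozenset()      # explicit identities (workloads)
    allowed_groups: frozenset = frozenset()   # user groups
    require_mfa: bool = True
    require_posture: bool = True


# Microperimeter around the critical asset "payroll-db": only HR admins with
# MFA and a healthy device may read/write it, and only the payroll-api workload
# may open a connection to it. Anything not listed is denied by default.
POLICY: List[Rule] = [
    Rule("payroll-db", frozenset({"read", "write"}), allowed_groups=frozenset({"hr-admins"})),
    Rule("payroll-db", frozenset({"connect"}),
         allowed_ids=frozenset({"spiffe://corp/payroll-api"}), require_mfa=False),
    Rule("payroll-api", frozenset({"connect"}),
         allowed_ids=frozenset({"spiffe://corp/web-frontend"}), require_mfa=False),
]


def evaluate(req: Request, policy: List[Rule] = POLICY) -> Tuple[bool, str]:
    """Return (allowed, reason). Default is deny; req.principal.network is ignored."""
    p = req.principal
    reason = f"{p.id}: no policy grants {req.action} on {req.app} (default deny)"
    for rule in policy:
        if rule.app != req.app or req.action not in rule.actions:
            continue
        if p.id not in rule.allowed_ids and not (p.groups & rule.allowed_groups):
            continue  # identity does not match this rule; keep looking
        if rule.require_mfa and not p.mfa:
            reason = f"{p.id}: strong authentication required for {req.app}"
            continue
        if rule.require_posture and not p.posture_ok:
            reason = f"{p.id}: device/workload posture not attested"
            continue
        return True, f"{p.id}: allowed {req.action} on {req.app}"
    return False, reason


def run_demo() -> List[Tuple[bool, str]]:
    """Constructed scenarios showing that network location buys no trust."""
    alice = Principal("alice", "user", frozenset({"hr-admins"}), mfa=True, posture_ok=True, network="corp-lan")
    bob = Principal("bob", "user", mfa=True, posture_ok=True, network="corp-lan")  # on the LAN, no entitlement
    alice_no_mfa = Principal("alice", "user", frozenset({"hr-admins"}), mfa=False, posture_ok=True, network="corp-lan")
    frontend = Principal("spiffe://corp/web-frontend", "workload", posture_ok=True, network="dmz")
    payroll_api = Principal("spiffe://corp/payroll-api", "workload", posture_ok=True, network="backend")
    return [
        evaluate(Request(alice, "payroll-db", "read")),          # allowed
        evaluate(Request(bob, "payroll-db", "read")),            # denied: inside the network but no grant
        evaluate(Request(alice_no_mfa, "payroll-db", "read")),   # denied: strong auth missing
        evaluate(Request(frontend, "payroll-db", "connect")),    # denied: no workload-to-workload path
        evaluate(Request(frontend, "payroll-api", "connect")),   # allowed: identity-based segmentation
        evaluate(Request(payroll_api, "payroll-db", "connect")), # allowed
    ]


if __name__ == "__main__":
    for allowed, reason in run_demo():
        print("ALLOW" if allowed else "DENY ", reason)
```

The point of the second and fourth scenarios is the one the article makes: bob is on the corporate LAN and the web front end sits next to the database, yet neither gets access, because the rules are keyed on identity, group membership and attested posture rather than on where the packet came from. Adding a new workload path means adding an explicit rule, which is what "workload-to-workload identity-based segmentation" amounts to in practice.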