Zero Trust Is Not A Security Solution. Its A Strategy
One of the top challenges and misunderstandings that I continue to see is what the definition of Zero Trust actually is. Zero Trust is not one product or platform; it's a security framework built around the concept of "never trust, always verify" and "assuming breach." Attempting to buy Zero Trust as a product sets organizations up for failure.
Vendors would have you believe that the security solution, platform, or widget they are selling is Zero Trust and that you can just purchase their solution to address your needs. This is false. Vendors enable Zero Trust; they are not Zero Trust itself.
There Is No Easy Button To Zero Trust
Starting down the path of Zero Trust is complicated. It's difficult to figure out where to start, so we've established a handy guide on how to practically enable Zero Trust from an implementation standpoint. Don't buy into vendor hype that you can purchase something and immediately be Zero Trust. That's not the reality of the situation.
Organizations need to build a strategy to get to a Zero Trust architecture that encompasses more than technology and buzzwords. One example is the Zero Trust eXtended (ZTX) ecosystem which, at a bare minimum, requires:
Assessing your existing security program's Zero Trust maturity (people, skills, technology, capabilities, etc.). This includes understanding how people are doing their jobs and how existing business processes are done today, mapping existing technology capabilities, and understanding gaps.
Mapping the output of this maturity assessment to the ZTX framework to understand what pillars you are strong in and which ones are lacking, specifically the capabilities in which you need to improve.
Considering tools and technology to address the areas where you're lacking and integrating Zero Trust implementation into existing business, IT, and security projects.
Zero Trust Is A Security Framework, Not An Individual Tool Or Platform
ZTX is an ecosystem with both technology and non-technology pieces. Protecting the perimeter and other prior security strategies didn't easily adapt to change because they were designed around monolithic point solutions that didn't integrate with each other. Zero Trust, however, is designed to be in a state of continuous review and optimization.
The fluid, integrated nature of Zero Trust is designed to easily adapt to business changes. Organizations need to be cautious about vendor messaging, dive into details about vendor offerings, and call them out when the technology they're pitching seems too good to be true.
Ask the vendor you're considering where the capability they're describing fits in the ZTX ecosystem. If they can't describe it, it's a very clear sign that they don't understand Zero Trust. Security vendors need to update their messaging to reflect the reality that Zero Trust is a journey that's different for every organization and stop advertising Zero Trust as a product that can be bought. By selling their solutions as Zero Trust easy buttons, they continue to set their customers up for failure by perpetuating this false paradigm.
Zero Trust isn't a race; It's a continuous journey
While Zero Trust continues to be marketed as the cool new thing, at the end of the day we need to ground ourselves. Zero Trust is the new normal. COVID-19 has significantly changed the way we work and forced a lot of organizations to accelerate their digital transformation and security strategies. Take a second to see if these security solutions are the real deal by scrutinizing how they fit into the different pillars of the ZTX ecosystem and, most importantly, your organization's overall Zero Trust strategy. They should be helping to enable organizations reach Zero Trust while improving the employee experience and should not be just another security tool that gets in the way of doing business.
To understand the business and technology trends critical to 2021, download Forrester's complimentary 2021 Predictions Guide here.
This post was written by Analyst Steve Turner, and it originally appeared here.
Reassessing AI Investments: What The Correction In US Megacap Tech Stocks Signals
The recent correction in US megacap tech stocks, including giants like Nvidia, Tesla, Meta, and Alphabet, has sent rippl... Read more
AI Hype Meets Reality: Assessing The Impact Of Stock Declines On Future Tech Investments
Recent declines in the stock prices of major tech companies such as Nvidia, Tesla, Meta, and Alphabet have highlighted a... Read more
Technology Sector Fuels U.S. Economic Growth In Q2
The technology sector played a pivotal role in accelerating America's economic growth in the second quarter of 2024.The ... Read more
Tech Start-Ups Advised To Guard Against Foreign Investment Risks
The US National Counterintelligence and Security Center (NCSC) has advised American tech start-ups to be wary of foreign... Read more
Global IT Outage Threatens To Cost Insurers Billions
Largest disruption since 2017’s NotPetya malware attack highlights vulnerabilities.A recent global IT outage has cause... Read more
Global IT Outage Disrupts Airlines, Financial Services, And Media Groups
On Friday morning, a major IT outage caused widespread disruption across various sectors, including airlines, financial ... Read more