Zero-trust has seen an explosion in interest over the last few years. As the perimeter has become increasingly porous due to cloud usage and distributed network architectures, a fresh look at some of the foundational cybersecurity concepts was sorely needed. This has only been exacerbated by the pandemic, with many organizations not only supporting a primarily remote workforce, but also trying to complete their digital transformation journey in a matter of months, rather than the years they originally planned.
Despite the clear applicability, there remains some confusion in the market regarding exactly what implementing zero-trust entails, where to start, and how to ensure the initiative is successful. The recent finalization of the NIST guidelines on zero-trust architectures may help provide some clarity, but much work remains.
With all that in mind, Mark Peters posed several questions to me on the topic of zero-trust as a part of ESG’s recent virtual breakfast at Black Hat 2020. In the following video, Mark and I touch upon:
- Zero-trust interest and adoption. By now, nearly everyone even tangentially involved with cybersecurity has some awareness of zero-trust. In fact, ESG research has found that 88% of respondents are very or somewhat familiar with the concept. However, when we consider adoption, the data simply doesn’t match up with real-world scenarios, pointing to the aforementioned confusion.
- Data security as a component of zero-trust. The short answer is that it is a part of a complete zero-trust strategy. However, it should not be the starting point.
- How to incorporate zero-trust. We don’t provide an exhaustive list, but do touch on some of the high-level keys to success with these projects, including starting small while maintaining a long-term vision and how to think about vendor partnerships.