The Fox Magazine

Daily Inspiration:

Dream Bigger
With Us.

Let's Get Social

    What To Know About Zero Trust In 2022

    What To Know About Zero Trust In 2022

    This year is likely to be one where broadly more organizations begin implementing Zero Trust cybersecurity if they haven’t already.

    The shift to remote and hybrid workplaces models is increasingly demanding the use of Zero Trust principles. With Zero Trust security, rather than automatic authentication, before a user or device can access a system, network or application, the identity has to be verified at each step through a trust model.

    The concept is that even though someone has the proper credentials, it doesn’t mean they’re the person authorized to use those. To implement Zero Trust, organizations and IT professionals have to utilize conditional access policies to grant access only to managed devices that are on private or trusted networks or layer multi-factor authentication.

    With that in mind, the following are some of the trends and things likely to have a particular impact on Zero Trust going forward this year.

    Spending On Zero Trust Will Increase

    President Biden recently issued an executive order requiring Zero Trust architecture for all government entities. That means adoption and spending in this area are likely to speed up across all organizations. Garner predicts that spending on Zero Trust network access solutions will go from $820 million to $1.674 billion by 2025.

    Many CISOs in insurance, manufacturing and financial services say that they see a business case for Zero Trust, highlighting the realization they had such limited visibility and control over their endpoints. According to Forbes, based on information from the Infosys Knowledge Institute report, 48% of the boards of businesses are involved in discussions involving cybersecurity strategies. Along with Zero Trust, identity is also likely to be a pivotal part of the conversation within boardrooms.

    If Zero Trust is going to be the core security protocol and architecture for federal agencies, as mandated by Executive Order, it seems that any board for a private business working with government agencies needs to do the same.

    Device Volume and Diversity

    Something else that’s going to be affecting Zero Trust and cybersecurity trends, in general, is the volume and diversity of devices that are on networks. Guest endpoints, operational technology systems, and devices mean there will be billions of devices connecting to enterprise networks worldwide every year.

    The tools that security teams would have typically used to secure them don’t apply anymore, meaning Zero Trust will be a solution. With Zero Trust tools, security leadership and IT teams can get full visibility into devices and utilize network controls. With Zero Trust, it also becomes possible to segment and subsequently isolate managed and unmanaged devices.

    Alignment of Business Initiatives with Cybersecurity

    If the board members are going to become more conscious of cybersecurity and identity management in 2022, it stands to reason that forward-thinking organizations will work better to align their business initiatives with their cybersecurity objectives. Board members are going to start demanding information about why cybersecurity with Zero Trust and identity will require focus and investment.

    As more breaches occur, members of the board and the C-suite will realize they aren’t immune to this potential, so they’re going to have to strategically line up the threat landscape with other things they hope to achieve.

    Investments in IAM Effectiveness

    In 2021, most organizations found they were unprepared for the sophistication and scale of cyberthreats they were facing. That realization is leading many to evaluate not only a Zero Trust architecture but also a different approach to authentication for virtual teams.

    Privilege abuse is the top cause of breaches going on right now. Businesses can stop privileged access abuse by creating passwordless authentication systems that are intuitive to be less frustrating for users and provide a high level of security. Organizations should be taking a more integrated approach to identify this year.

    Forrester issued a report last year on trends affecting identity and access management (IAM), advising their clients to take a dynamic and granular approach to network access.

    AI Patch Management

    Perimeter-based control in cybersecurity often leads to problems with endpoint security platforms. They tend to conflict with one another. Organizations can improve their endpoint control and security by looking at their current stack and simplifying access control with the least privilege access, that’s in line with Zero Trust. Because the more endpoint management and IAM tools that are installed lead to a higher potential for conflicts, IT teams can completely automate patch management instead of reliance on an inventory-based approach that’s more likely to have errors.

    Teams can use bots to automate their patch management by identifying and prioritizing threats and risks.

    Flexibility

    Rather than being reactionary, there should be a shift to creating a complete but flexible approach. There’s a tendency to view cybersecurity as having a set solution or particular product that’s the ultimate answer. However, there needs to be a mindset shift. There has to be a framework that will protect data and systems well before a problem occurs. Companies have to make sure they focus on the agility to make changes instead of trying something unfamiliar when there’s an actual threat.

    No matter where employees are physically working, the framework should deal with all cybersecurity challenges. That’s where Zero Trust becomes not only a strategy but a philosophy. Zero Trust offers the flexibility needed through the combination of tools and solutions. These solutions include multi-factor authentication, endpoint protection, and endpoint management. Everything can work together, allowing for a phase-out of VPNs for remote access.

    Zero Trust also deals with issues like phishing attacks and helps with the identification of risky online behavior by employees. Organizations will have to start thinking in a way that combines strategy and philosophy and also become more advanced in outlining the methods that will allow them to determine the success of their Zero Trust initiatives. Zero Trust isn’t a short-term project. It’s a long-term shift to the tools, technology, and processes you use in your cybersecurity approach.

    Post a Comment

    What To Know About Z…

    by Susan Melony Time to read this article: 13 min
    0