Top Business Tech shares the insight from 17 IT leaders on why organizations of all sizes need to implement zero trust, with tips on how to do so.
As the drastic rise in cyberattacks in the last year and a half have illustrated, zero trust is no longer simply “a nice thing to have”. Instead, it is now a security solution that organizations of all sizes must implement to protect infrastructure from internal and external threats.
We hear from several CTOs, who share their views on zero trust and their advice on how best to implement it.
How important is zero trust?
Almost every cybersecurity company will tell you that home networks are inherently insecure, and often unprotected by firewalls. You might have the security in place to protect your house from physical break-ins. Still, cyberattackers can break into home networks easily – even through IP-enabled devices, like your fridge or your kettle – and once inside, tunnel and break into their employer’s corporate network. Who knew making a cup of tea could be so damaging?
Businesses need a solution that automatically extends corporate-level security into each employee’s home, making all offices – whether at home or on-site – equally secure, and truly delivering peace of mind as a service. Tools like SD-WAN help deliver this by integrating on-premise level security, and zero-trust access control, so employees’ homes – and all connected items within them – become a secure extension of the corporate or office networks. And yes, that does even include the games consoles that kids have been using when meant to be doing schoolwork.
In the fight against criminal activity, there are several approaches. Some focus on specific, concrete technologies (e.g. Balanced Development Automation, SIEM, code scanning, Threat Modelling, etc), others focus on design (e.g. Privacy by Design, Secure by Design, Compliance by Design, etc), and others focus on philosophy (e.g. zero trust, BeyondCorp, DevSecOps, etc).
It is generally with the more abstract approaches that we see the greatest opportunities for innovation. The more concrete an approach, the less room there is for innovating beyond technology limitations. I believe it is, therefore, at higher levels of abstraction, like zero trust, and security reference architectures, where innovation will continue to thrive and technologies will follow suit.
For example, we already see work being done at The Open Group to create zero trust and security reference architectures that could have any number of implementations. These types of approaches will open doors to new categories of technologies and integrations that may not exist today, and this is the very essence of innovation.
