3 factors that can guarantee zero trust success

by Janice Allen
0 comments

View all on-demand sessions from the Intelligent Security Summit here.


While the value and importance of zero trust network access (ZTNA) can hardly be overstated today, there are numerous reports of failed attempts to achieve it, particularly in small and medium-sized businesses. Zero trust has a deserved reputation for being difficult to start and maintain. The premise or promise makes perfect sense, but the practice has become unfeasible for many.

A new take on zero trust shows that it doesn’t necessarily have to be complicated. Zero trust can even be incorporated into well-known existing security solutions rather than being implemented as separate solutions or as something completely new and difficult to master.

Three factors often make the difference between zero trust success or failure, and surprisingly, they are not arcane technicalities, but rather principles of management.

Easing the path to zero trust

The first factor is overall complexity. It is often said that complexity is the enemy of security. Overly complex and difficult solutions and policies render security useless and promote workarounds that circumvent the solution or practice. The old Post-It notes with passwords on the side of an employee’s monitor as a way of enforcing strict password policies used to be a good example of this.

Event

Intelligent Security Summit on demand

Learn the critical role of AI and ML in cybersecurity and industry-specific case studies. Check out on-demand sessions today.

Look here

From a solution or architecture standpoint, integrating zero trust into an existing solution – as long as it meets the requirements – helps to reduce complexity. Eliminating the need for yet another system or tool to install, maintain and update various changes eases the workload of staff and one more thing to deal with. Expanding an existing trusted system to provide zero trust is by far the preferred option.

Some security suites or platforms have been or will include full-service zero trust. Managed cybersecurity services can also bundle zero trust with their offerings. Even modern VPNs for small and medium businesses have or will incorporate a relatively easy way to achieve a zero trust attitude.

>>Don’t miss our special issue: Zero trust: the new security paradigm.<

Suitable for modern realities

The second factor is the lack of fit for the realities of today’s cloud-everything, mostly distributed organizations. If a zero trust architecture requires components to be deployed on networks that are under full control, or based on traditional on-premises networks and data centers, it is likely to undermine the success of a rollout. If SaaS applications, the use of public cloud for data and resources, and the prevalence of a largely or entirely remote workforce cannot be fully accommodated, the zero trust solution is doomed to fail.

Web3 and metaverse technologies must also be accommodated if zero trust is to be successful. Gartner, along with its 2022 Gartner IT Symposium/Xpo, predicted that “Until 2027, completely virtual workplaces will account for 30% of corporate investment growth in metaverse technologies and will “reshape” the office experience.

Failure can be a “you can’t get there from here” problem that prevents necessary work or information flow. It can also be a form of too much complexity that thwarts or limits employees’ natural work style.

A recent Verizon mobile security Index report showed that 66% of employees expect to have to sacrifice security for speed to meet business or job requirements. Another 79% said they have already had to make such a trade-off to meet a deadline or target. This means that for zero trust to be successful, it cannot hinder work efficiency and speed. It must fit existing work styles, workflows and expectations.

Thwarting the unknown unknowns

The third factor is the inability to deal with both intentional and accidental threats. Zero trust is not just about access or proven identity and authorization in the traditional sense. Those aspects are certainly crucial, but other things contribute to achieving zero trust. It should thwart malicious actions, but also actions that are completely accidental. For example, the ability to assign or use static IP addresses provides greater certainty about both the user and the resource they are trying to access.

Another aspect may be the way an encrypted tunnel – as a VPN or as part of the communication between an application, such as email or a CRM, and a user – begins and ends. Gaps can create vulnerabilities that attackers can target to bypass zero trust protections.

Yet another aspect may be the need for an automated way to perform a health check on the user’s access device to ensure it meets the required security standards.

Zero trust failure is not an option

In addition to the above three factors, success or failure can depend on clarity and understanding of things like the entire attack surface of one’s organization or the collaboration patterns of employees and departments. The zero trust architecture may not correctly recognize existing data flows or business processes. Not being able to both protect and facilitate such things always means failure.

But zero trust failure is hardly an option an organization can afford. With data breaches continuing to escalate and fines for compliance violations rising and reaching levels of concern to businesses, most agree that zero trust is a necessity.

The failure of a zero trust project would certainly put it in good company with other IT failures. According to Smart Insights, 63% of all CRM initiatives fail, 70% of marketing automation projects fail, and 84% of business transformation efforts fail. Still, zero confidence doesn’t have to be another inevitable tragedy. By rethinking how this can be achieved and integrated into existing systems, infrastructure, work styles, and anticipated future changes, you can greatly enhance zero trust’s success potential.

Michael Cizek is a general manager at Global Automation and Identification Group.

Data decision makers

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including the technical people who do data work, can share data-related insights and innovation.

To read about advanced ideas and up-to-date information, best practices and the future of data and data technology, join DataDecisionMakers.

You might even consider contributing an article yourself!

Read more from DataDecisionMakers

You may also like

All Right Reserved Businesskinda.com