The Path to Zero Trust Starts with Identity Home Insights Blog The Path to Zero Trust Starts with Identity September 20, 2021 Businesses are prioritizing Zero Trust more than ever before. Hybrid and distributed workforces require a seamless blend of flexibility and security. The first step on the Zero Trust journey is identity. In the past, security was built around fixed, physical networks that kept trusted individuals in and untrusted individuals out. But as companies have transformed their digital environments and enabled remote work from any device – trends that were significantly accelerated by the pandemic – security has had to evolve to treat people as the new perimeter. That’s where Zero Trust comes in. Today, organizations are prioritizing Zero Trust security more than ever before. In fact, in 2021, almost 90% of companies are implementing or planning their Zero Trust initiatives. That’s a significant jump from the 41% who claimed they were making these efforts in 2020. Now, as organizations continue supporting a dynamic work model, they need the right systems and technologies to offer seamless flexibility alongside robust security and access policies. A Look at the Evolution of Zero Trust While the pandemic has certainly put more pressure on security leaders to prioritize Zero Trust, it’s not a new concept. For the past decade, security experts have been shaping and refining what Zero Trust looks like and how companies can implement it. 2009: During his time at Forrester, John Kindervag introduced the term, which was based on the idea that all network traffic should be untrusted.2014: Google’s BeyondCorp model shifted access controls from the network perimeter to individuals and their devices.2017: Gartner’s CARTA framework added to Kindervag’s concept by suggesting that authentication and authorization should be exercised throughout the user experience, not just at login. Forrester has since updated its model to reflect this.2019: NIST released its Special Publication 800-207, defining what should be included in a Zero Trust architecture.2021: President Joe Biden signed an executive order on cybersecurity, putting a comprehensive focus on building security models that protect individuals in both the public and private sectors. Today, Zero Trust continues to adapt alongside technologies and business operations. As companies work to improve their Zero Trust maturity and gain access to new tools that can support their initiatives, it’s likely the Zero Trust model will continue to evolve. Where Zero Trust Is Going The most recent industry Zero Trust frameworks and best practices all align on one thing: identity is the new perimeter. With users now accessing work systems from their phones on a coffee shop’s network or at home from their corporate laptop, it’s vital to ensure that everyone is who they say they are. As companies continue to build and refine their dynamic and hybrid work environments, they need an identity-centric approach to security that ensures the right people have the right level of access to the right resources, in the right context. This can be done by implementing a Zero Trust architecture that has identity at its core – but getting this right won’t happen overnight. Achieving Zero Trust maturity takes time and requires organizations to work their way through various stages and identity-focused initiatives: Unified Identity Secure user identities by eliminating poor password hygiene, deploying single sign-on (SSO) and rolling out multi-factor authentication (MFA) for employees, partners and contractors. This should be supplemented by unified authentication policies that span cloud and on-premises applications. Contextual, Secure Access Layer in context-based access policies that analyze a user’s device, location, network and more at each access request. By deploying multiple factors across user groups, you can ensure that there are additional authentication opportunities for users in unusual contexts (e.g. signing on from a different device). These added authentication features can then be extended across resources, including APIs. To help prevent unwanted access to sensitive resources, automated provisioning and deprovisioning ensures that a user only has access to the tools they need to do their work — nothing more. Adaptive Workforce Extend the reach of authentication and authorization beyond the front gate. This means deploying contextual, risk-based assessments that track users throughout their interactions with the company’s systems and proactively identifying potential threats. In practice, companies can deploy a risk engine that allows IT or security teams to set policies based on risk tolerance and scores each access request against it. At full Zero Trust maturity, trust is no longer assumed. Instead, risk is continuously monitored and users may be asked to reauthenticate should an aspect of their context change. Getting Started with Zero Trust Many organizations are still at the early stages of their Zero Trust journey and don’t quite know where and how to begin – but that shouldn’t stop them. Leaders in the identity and access management, cybersecurity and privacy spaces have been working hard to develop comprehensive, easy-to-deploy solutions that integrate seamlessly with other components in a Zero Trust architecture. Working with a trusted partner in this space will go a long way toward lowering a security solution’s total cost of ownership while also accelerating adoption. And as the workplace continues to evolve, having a reliable identity partner in your corner can only be a plus. By: Amanda Rogerson Director, Solutions Product Marketing | OKTA Amanda Rogerson is a change agent who wants to disrupt the way you think about digital security. Having worked with organizations globally across industries in various roles throughout her career, she is mindful of the impact new security practices have across organizations. As a self-proclaimed nerd, she likes to weave pop-culture references into her discussions to make security relatable. Share: identity Zero Trust Partner Series Related Insights Image Zero Trust Journey: Okta Getting Started with Zero Trust July 21, 2021 Check out this whitepaper on how Okta offers a Zero Trust solution for our customers via our contextual access management feature set. See Details Download Image Future-Proof Your Digital Business with Zero Trust Security November 20, 2019 The increasingly popular Zero Trust information security model maintains strict access controls by not trusting anyone or any action by default – and.... See Details Blog Image Cybersecurity Field Guide #6: Zero Trust Guiding Principles September 16, 2021 This guide provides an intro and dives into Optiv's Zero Trust principles and how to visualize your Zero Trust journey. See Details Download How Can We Help? Let us know what you need, and we will have an Optiv professional contact you shortly.