Zero Trust is About Changing Security Mentality
Zero Trust is About Changing Security Mentality
July 8, 2021
- Organizations are evolving technology investments to address emerging risks and challenges and support remote working initiatives.
- At the same time, they’re modernizing their access management policies and controls in response to increased cyber attacks, data breaches and the requirements of security and privacy regulations.
- Zero Trust promises to safeguard assets and data in the cloud as well as investments in emerging technologies.
- Besides investing in access management solutions that rely on Zero Trust, organizations should also invest on building a Zero Trust culture.
It’s a Multi-Cloud, Borderless Business World
Access security is quickly shifting away from insecure passwords and network perimeter security towards a Zero Trust approach. With businesses increasingly adopting multi-cloud environments, traditional corporate boundaries have disintegrated. In fact, the recent Thales 2021 Data Threat Report (DTR) indicates that nearly a third of respondents host 41-50% of their workloads and data in external cloud; for another 24% than number is more than half. In addition, corporate users and their partners access data through a multitude of networks – private, corporate, mobile – using a plethora of entry points and devices, making it impossible to secure access to data using legacy network perimeter controls.
Zero Trust secures the access points to data and applications through a “never trust, always verify” approach. In cloud computing environments everyone is literally an outsider, and the legacy mantra that “the good ones are inside, the bad guys are outside” creates more vulnerabilities and security blind spots. An adversary may leverage a compromised or stolen credential to gain access to a corporate network, move laterally undetected, and exfiltrate data or disrupt operations.
Zero Trust Strategies Influence Cloud Security Practices
As a result, organizations are moving towards Zero Trust strategies to secure and authenticate the identities of individuals and devices requesting access to corporate assets. The findings of the TDR are indicative of this trend:
25% of survey respondents said they don’t have a Zero Trust policy and aren’t considering implementing one in the near future. These numbers will improve, as the organizations with formal Zero Trust strategy are less likely to be breached.
The Zero Trust philosophy influences how organizations are approaching cloud security. This is because Zero Trust helps implement the shared security model of protecting multi-cloud and hybrid environments and provides an integrated, scalable, flexible and reliable approach to digital asset access control. In fact, the DTR report indicates that Zero Trust shapes cloud security strategy to a great extent for the 32% of global respondents.
The increase in cyber attacks targeting SaaS apps and credentials is another driving factor for adopting a robust Zero Trust access security. The Verizon 2021 Data Breach Investigations Report indicates that 61% of breaches involved credential data and that web applications were the main attack vector, accounting for over 80% of breaches. Overall, apps and data in cloud were the top targets for adversaries. As a result, 44% of DTR respondents were not confident that their access security systems could effectively secure remote work.
Hence, businesses are changing their existing cloud access strategies, adopting an identity-centric approach that relies on Zero Trust (76% of DTR respondents). This trend is also evident in highly regulated sectors, like financial services, where 83% of the institutions are relying on Zero Trust strategies. This shouldn’t come as a surprise – these organizations need to demonstrate compliance with various regulations and standards to safeguard the integrity of transactions and the trust their customers place in them.
A Changing Mentality to Meet an Evolving Landscape
As businesses accelerate their digital transformation initiatives, Zero Trust promises to safeguard not only their assets and data in the cloud, but also their investments in emerging technologies. Relying on perimeter security is a relic of the past and is not adequate to protect modern businesses seeking to leverage the advantages of cloud computing.
Besides investing in access management solutions that rely on Zero Trust, organizations should also invest on building a Zero Trust culture. After all, Zero Trust isn’t just about technology, it’s about an evolving security mentality that can help organizations adapt to an ever-changing environment, advancing digital transformation while limiting exposure to cyber risks and threats.