Hybrid IT proves challenge to Zero Trust cybersecurity

Half of cybersecurity leads don't feel confident about implementing a Zero Trust security model, according to a new survey.
4 February 2020

Trusting no one is the key to Zero Trust. Source: Shutterstock

As opposed to ‘castle and moat’ cybersecurity, where it’s assumed that any user inside a network is trustworthy and secure, Zero Trust is an indiscriminate approach. 

It states that organizations should not trust any entity inside or outside of their perimeter at any time; “It never trusts anything and will always verify,” explained TechHQ’s Neil Hughes previously.  

“By not trusting any website, email, or web application it becomes much easier to isolate systems so that the malware cannot infect the user, the device and the network.”

There are thousands of cybersecurity solutions available to protect organizations from external threats — a study by Ovum found that most enterprises have up to 50 cybersecurity tools in use at one time. 

Despite this, 90 percent of data breaches can be traced back to human error

Most breaches, then, are initiated from the inside and the vulnerabilities are exacerbated by an increase in BYOD, insecure partner access, over-privileged employees and shadow IT. 

Zero Trust solutions provide the visibility and IT controls needed to secure, manage and monitor every device, user, app and network being used to access business data.

The draw is such that, according to a survey by Pulse Secure on more than 400 cybersecurity decision-makers, nearly three-quarters (72 percent) plan to implement zero-trust capabilities in 2020.  

But despite the commitment to moving the model beyond concept to implementation, there was a clear divide in confidence among respondents when it came to applying the principles — nearly half (47 percent) of cybersecurity did not feel equipped to apply a Zero Trust model to their Secure Access architecture. 

According to Scott Gordon, Chief Marketing Officer at Pulse Secure, this comes down to the increasing complexity of an organization’s IT networks. 

The sheer volume of cyberattacks and enormity of data breaches in 2019 has challenged the veracity of secure access defenses, even in well-funded organizations,” said Gordon.  

“Zero Trust holds the promise of vastly enhanced usability, data protection, and governance. 

“However, there is a healthy degree of confusion among cybersecurity professionals about where and how to implement Zero Trust controls in a hybrid IT environment – which is clearly reflected in respondents’ split confidence levels.”

Of the organizations building out Zero Trust capabilities in 2020, data protection, trust earned through entity verification, and continuous authentication and authorization were cited as the most compelling tenets of Zero Trust. 

“Digital transformation is ushering in an increase in malware attacks, IoT exposures and data breaches, and this is because it’s easier to phish users on mobile devices and take advantage of poorly maintained Internet-connected devices. 

“As a result, orchestrating endpoint visibility, authentication and security enforcement controls are paramount to achieve a Zero Trust posture,” said Gordon.