According to a Forrester Research client survey, 84% of respondents believe the network perimeter is no longer defensible.1 It’s no surprise when considering the technological changes with the digital transformation. The wide-scale adoption of hybrid clouds, subscription-based cloud services, ubiquity of user-owned devices, among other initiatives have blurred the conventional network perimeter. Once considered durable, traditional InfoSec’s “trust but verify” has faded. Digital technology has revolutionized business processes, customer experiences, and given you a foundation for future growth. But, it has also altered the security landscape. Established networks and assorted best-of- breed security are tested tens of thousands of times a day. Ransomware alone will reach $10 billion in 2019. The annual cost of cybercrime damages is expected to hit $5 trillion by 2020.2
Today’s high-velocity cyberattacks are no longer wanton. They’re targeted. Well-heeled cybercriminals strike selectively to steal the crown jewels at the heart of the digital expansion: your data. In this paper, we’ll explore the zero trust security model. Is it viable for organizations to adopt? Can zero trust be the new formula to turn back the clock where good did overcome evil?
What is Zero Trust?
No organization fights sophisticated cyber threats with weak defenses, and expects to win. Although cyber security technology continues to make tremendous strides, the balance of power has tipped to well-funded cybercriminal and nation-state syndicates. A recent UN report indicated North Korea hackers launched 35 large-scale attacks against financial institutions and cryptocurrency exchanges in 17 countries. Allegedly, the estimated $2 billion take will go to fund the development of WMDs (Weapons of Mass Destruction).3 Enter the zero trust security model approach. Widely recognized by its “never trust, always verify security” paradigm, Forrester analyst Dr. Chase Cunningham describes zero trust this way, ” Zero Trust is strategically focused on addressing lateral threat movement within the infrastructure by leveraging micro segmentation and granular enforcement, based on user context, data access controls, application security, and the device posture.4”
Rather than user access granted by the network, Forrester’s core principles state that access to services should be granted based upon:
• What you know
• What we know about the entity
• What we know about your authorization to access each service
Download the full text here.
1 “Future-proof Your Business With Zero Trust,” Webinar with Chase Cunningham and Paul McKay, Forrester Research
2 “Cyber Security Statistics for 2019,” Cyber Defense Magazine, March 21, 2019