Almost three-quarters of enterprises plan to have a zero-trust access model by the end of the year, but nearly half of cybersecurity professionals lack the knowledge to implement the right technologies, experts say.
Worried about protecting data, the likelihood of breaches, and the rise of insecure endpoint and Internet of Things (IoT) devices, companies are looking to technologies and security models that focus on continuous authentication, experts say.
On February 4, survey firm Cybersecurity Insiders published its “Zero Trust Progress Report,” finding that two-thirds of surveyed cybersecurity professionals would like to continuously authenticate users and devices and force them to earn trust through verification, two foundational tenets of the zero-trust model of security. Yet while the average cybersecurity professional is confident he or she can apply the zero-trust model in their environment, a third of respondents had little confidence, and 6% were not confident at all, the report found.
Other studies have reached a similar conclusion: The concept of a zero-trust architecture, now a decade old, appears ready to go mainstream, but cybersecurity professionals remain uncomfortable with its implementation, says Jeff Pollard, vice president and principal analyst with Forrester Research, the analyst firm that coined the model in 2010.
“Zero trust is one of those initiatives that is being driven from the top-down perspective,” he says. “Previous models, security architectures, were very practitioner-driven. They were very organic and grew over time. … But because zero trust is a different model and a different approach, it is going to take time for all the practitioners out there to become ultimately familiar with what this looks like from an operations standpoint.”
The zero-trust concept evolved as a reaction to the disappearance of the network perimeter, as personal smartphones and other devices became widely used by employees at the office and as more workers did their jobs remotely. While old models of network security assigned trust based on location — anyone in the office was often trusted by default — zero-trust models focus on users and context.