Eight years ago, a new security strategy called “zero trust” was introduced to the world by a well-known analyst at Forrester. At the time, the strategy seemed to one-up its predecessor, the “least privilege” security model, and forced traditional network-centric approaches to walk the proverbial plank. While the “zero trust” name certainly had some creative flair and an equally interesting value proposition—to trust no device or network—there was just one problem. No one really knew how to make it happen. As a result, it lost a bit of steam and was placed on the backburner of security priorities.
Years later, and following several headline-making mega breaches, zero trust security seems to have once again permeated the minds of network security engineers around the world. Google created BeyondCorp, Forrester has revitalized its focus on zero trust, and security vendors have begun to bandy about the sector’s newest buzzword with breathtaking frequency.
But why now?
In spite of widespread cloud adoption and user mobility, security teams have continued to rely on 30-year-old network-centric technologies. But those technologies have no ability to deliver zero trust. How could they? They were developed 20 years before zero trust had even become a concept.
Why zero trust has been virtually impossible:
The emergence of modern security solutions—those built around the understanding that cloud adoption and mobility have created a perimeter-less world—has led to a renewed focus on zero trust security. They're known as software-defined perimeter (SDP) solutions, and identified by Gartner as zero trust network access (ZTNA) services.
Now that zero trust is finally achievable through SDP and ZTNA, it can take many forms. The IT champions at National Oilwell Varco (NOV), one of the world’s largest oil and gas industry manufacturers, are using it to not only boost security for 7,500 internal apps but also to accelerate M&A activities and enable secure cloud migration. Perdue Farms, the world’s number one producer of organic chicken, uses zero trust security to enable its remote workers to access SAP seamlessly and securely from their Chromebook devices. MAN Energy Solutions, a subsidiary of VW Group and producer of large-bore diesel engines at sea, uses zero trust security to enable secure access to the 7,000 internal apps on cargo ships floating off the sea of Copenhagen. TriMedX, a leading healthcare technology provider, has embraced zero trust security as a way to retire its remote access VPNs.
What will your story be?
In many cases, it will be up to you to evoke the change required to get to zero trust. You’ll encounter the server huggers worried about changing the status quo. The individuals who have grown complacent with network-centric technologies that can never, and will never, deliver zero trust security. In the end, your actions will define the future of security within your organization.
The only question now is, do you accept the mission?