With 2023 here the cybersecurity sector is working at an increase pace to address the escalating number of threats directed towards businesses from malicious sources and more sophisticated attack vectors. One key area is with pushing ahead with Zero Trust solutions for organisations to adopt.
Zero Trust is here to stay
John Linford, The Open Group Security and Open Trusted Technology Forum (OTTF) Director, explains to Digital Journal it is important for businesses to adopt Zero Trust models. By this he means“Zero Trust has been a high-profile topic in cybersecurity for well over a decade now, but in recent years it has suddenly bloomed from being a promising future approach to being a fundamental component in enterprises’ security toolkits. According to one report, active Zero Trust implementation more than doubled in the year to August 2022, reaching more than half of businesses.”
Zero Trust is an approach taken to cybersecurity that seeks to secure an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. One example is with multifactor authentication.
Explaining why Zero Trust solutions are booming, Linford explains: “This growth has had two major consequences. First, information security for businesses has been considerably strengthened. We know that Zero Trust can reduce data breach incidents by 50 percent, and so its rapid widespread adoption is something to be celebrated.”
There are three key components in a Zero Trust network: user/application authentication, device authentication, and trust.
While the broad definition of Zero Trust is clear, what does it mean in practice? Here Linford assesses: “The second, less encouraging consequence has been an accompanying growth of competing definitions around what it means to comply with the Zero Trust model, whether for an organisation to implement Zero Trust or for a product or service to aid in this.”
Furthermore, says Linford: “While the principle of Zero Trust might seem simple enough to state in theory, applying it in a production environment demands countless subtle decisions which affect the ultimate nature of the solution. This fact adds a layer of conceptual overhead to an undertaking which can already be daunting, requiring in-depth planning and cross-company collaboration in order to succeed.”
Illustrating the concept, Linford says: “This is not a new story in technology; in fact, the origins of thinking behind Zero Trust can be traced to the Jericho Forum® Commandments. Once the idea or approach has proliferated sufficiently, a period of blossoming innovation as ideas are brought to market is often followed by a period of rationalisation as new or additional standards are created to ensure holistic benefits.”
Consequently, Linford explains: “So it is with Zero Trust: initiatives like NIST® 800-207 and The Open Group Zero Trust Architecture Working Group will establish the clarity Zero Trust needs in order to grow from being present at the majority of businesses, to being at the heart of most business processes.”
