SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Zero trust security gaining momentum as a cybersecurity model
Fri, 20th Mar 2020
FYI, this story is more than a year old

As cyber attacks become more sophisticated and take advantage of advancing technology as much as any legitimate business, security attitudes and protocols have had to adapt in response, and some security professionals believe a tougher approach is best.

The uptake in zero trust security solutions reflects this, and a report released today from TeleGeography reveals a rising interest among chief information security officers (CISOs) in the model.

Zero trust security is an IT security model where, by default, no user or device is trusted inside or outside of the network.

The model is centred on the belief that organisations should not automatically trust anything inside or outside its perimeters and instead must verify anything trying to connect to its systems before granting access, according to CSO.

According to the survey from TeleGeography, interest in zero trust security remains high among WAN managers, while only 8% have actually implemented the IT security model.

The survey collected around 100 responses from companies ranging in size from SMEs to Fortune 500 enterprises, according to TeleGeography.

31% of respondents are considering zero trust security, 19% are in the adoption phase and 20% of respondents unfamiliar with the concept.

“Zero trust security is making the move from buzzword to serious consideration,” says TeleGeography analyst Elizabeth Thorne.

“WAN Managers recognize the opportunity in going beyond legacy models and exploring the potential of zero trust security in their organizations.

“The challenge for chief information officers (CIOs) is to understand the foundations necessary to make zero trust security a viable security solution.

“For example, in order to have user or device-based security policies, you first need to identify every user and device on your network—no small task for many enterprises,” says Thorne.

“Regardless, any time a new architecture is proposed there will be hesitation and a period of assessment before adoption ramps up.”  

The report also reveals that less than 20% of enterprises have fully or mostly integrated network and security teams.

More than 40% have separate teams but work closely together on things like SD-WAN or hybrid network adoption. 15% have largely siloed networking and security operations, according to the research.

“Enterprises are re-evaluating where security responsibilities sit within their IT operations,” says TeleGeography senior manager of enterprise research Greg Bryan.

“They are looking at greater integration between security and networking teams that will reduce risk while accelerating the adoption of networking technologies like SD-WAN.

“WAN Managers recognize the need for stronger relationships between these teams and we anticipate fully or mostly integrated teams growing over time,” says Brian.