Analysts indicate that it is necessary to balance the implementation of the Zero Trust approach with business management and other risk protection actions
The adoption of 'Zero Trust' security models is a priority for most organizations that have a strategy to reduce cyber risks and threats, but few companies are completing the implementation process. This is one of the insights from the most recent survey by Gartner, a world leader in business research and advice, which predicts that by 2026, 10% of large companies will have a mature and measurable 'Zero Trust' implementation in force, against less than 1% at the moment.
Gartner defines 'Zero Trust' as a security paradigm that explicitly identifies users and devices, giving them the right amount of access so the business can operate with minimal friction while mitigating risks.

John Watts, Vice President and Analyst at Gartner
“Many organizations have established their infrastructure with implicit rather than explicit trust models to facilitate access, work, and operations of collaborators. Attackers abuse this implicit trust in the infrastructure to proliferate the spread of malware and then achieve their goals,” says John Watts, Vice President and Analyst at Gartner. “Zero Trust is a shift in thinking to address these threats, requiring continually assessed, explicitly calculated and adaptive trust across users, devices and resources.”
To help companies complete the scope of their Zero Trust implementations, it is essential that CISOs (Chief Information Security Officers) and risk management leaders start by developing an effective strategy that balances the need for security with business administration.
“This means starting with an organization's strategy and defining a scope for Zero Trust,” says Watts. According to the Gartner analyst, after defining the strategy, the executives responsible for cybersecurity and risk management leaders must begin managing identity, as this is a fundamental factor in the application of 'Zero Trust'. They need not only to improve the technology but also to support the development of the people and processes for building and managing these identities. “One must not presume that 'Zero Trust' will eliminate all cyber threats. Instead, it decreases the risk and limits the impacts of an eventual attack.”

Jeremy D'Hoinne, Vice President of Gartner
Gartner analysts estimate that by 2026, more than half of cyberattacks will target areas that 'Zero Trust' controls do not cover or cannot protect. “The enterprise attack surface is expanding more rapidly and attackers will quickly consider targeting assets and vulnerabilities outside the scope of Zero Trust architectures (ZTAs),” says Jeremy D'Hoinne, Vice President at Gartner. For the analyst, this can take the form of scanning and exploiting public-facing APIs (communication mechanisms between software components), or of targeting employees through social engineering, intimidation, or exploiting flaws that arise when employees create their own 'diversion' to avoid strict 'Zero Trust' policies.
Gartner recommends that organizations implement 'Zero Trust' to mitigate risks to the most critical assets, since the return will be greater that way. However, 'Zero Trust' does not solve all security needs. Cybersecurity executives and risk management leaders must also run Continuous Threat Exposure Management (CTEM) to better control the structure and optimize exposure to threats that go beyond the scope of 'Zero Trust' architectures.













