Ben King, CSO EMEA at Okta, considers the value of zero trust.
According to Okta’s State of Zero Trust 2020 report, the security concept zero trust has increased in priority for more than three-quarters (78%) of businesses. In fact, almost all companies (90%) are working on a zero trust initiative, up from 41%a year ago. Among European companies, nine in ten have either fully implemented the strategy or plan to do so in the coming months.
Due to the en-masse move to hybrid work, accelerating cloud adoption and a proliferation of devices, organizations can no longer follow a network perimeter-centric view of security; instead, they need to enable access to their various users regardless of location, device or network.
Identity has become the new perimeter and the most critical component of a zero trust strategy. As organizations have become more flexible in supporting distributed, remote teams, they have also had to change and increase their focus on security. As a result, businesses have needed to adapt and evolve the range of solutions they use to protect identity in all contexts.
Cybersecurity has been gaining increased focus at board level for years now, and we can expect the importance of strong security leadership and zero trust frameworks to continue to grow. We have seen large-scale organizations embrace cloud and mobile technologies, which necessitates identity becoming the logical point of control. Protecting identities is increasingly hard and building a secure authentication, authorization and user management stack for your application is even harder. The vast number of breaches and massive extent of data loss is evidence of this.
According to Ponemon Institute’s most recent Cost of a Data Breach report, a “mega-breach” of one million records could cost a company US$42mn, while a loss of 50 million records costs an estimated $388 million. The huge rise in large data breaches, which have made headlines around the world, has made zero trust initiatives the next big investment priority. More organizations realize the need to adopt a zero trust framework and stay on top of the latest security advancements to protect their customers, employees, and shareholders from the headache and cost of a breach. London, as a financial hub, is breeding the perfect marketplace for zero trust vendors to thrive.
- Zscaler is set to be the industry’s first security vendor to integrate active defence into a Zero Trust architecture
- Zero trust architecture is not just ‘nice to have’
- Why Zero Trust is Vital – and Achievable – for Endpoint and IoT Security
- Why every company needs to implement Zero Trust
When looking at specific industries, those which commonly store large amounts of sensitive data tend to prioritize zero trust more heavily. In certain industries, zero trust is more critical than ever, often driven by expectations from industry regulators. Justice and public safety agencies, for instance, face intensive Criminal Justice Information Services (CJIS) compliance requirements. A zero trust framework helps ensure these organizations meet advanced authentication demands. Similarly, security leaders in finance, healthcare and manufacturing understand that it is crucial to be prepared because their industries have been top targets for threat actors for years. While typically coming from a more mature baseline, these industries must likewise stay abreast of the recent threat landscape and technological changes to both attack and secure identities in a hybrid world.