The IT & Security Landscape for 2020 and Beyond and the Role of Zero Trust
We conducted a survey of IT and security professionals across the U.K. and Germany to assess recent trends and understand how organisations have reshaped their strategies in recent months. Not surprisingly, most (84 percent) have experienced a rise in attacks since the beginning of the year. Cybercriminals are taking advantage of the shift to WFH and employee use of insecure devices to launch more attacks than before. With this fluid way of working set to become a mainstay of our lives for the foreseeable future, security is sitting high on the corporate agenda. Organisations are seeking to invest in new cybersecurity measures to ensure their users, assets, applications and infrastructure stay secure.
Zero Trust Goes Mainstream
Zero Trust is one such security framework which has been gaining traction over recent months. Zero Trust can hold negative connotations due to its ‘never trust, always verify’ message — the idea being that employee productivity is hindered. However, the survey revealed that perceptions of Zero Trust are changing. The majority — 89 percent — of respondents had or are considering adopting Zero Trust architecture. And counter to the fears of hindered productivity, 87 percent of those who have started on their Zero Trust journey reported that it has in fact improved their business’s productivity.
Zero Trust and Network Visibility Go Hand in Hand
Zero Trust doesn’t assume that any user or device is safe based on pre-existing credentials, but instead scrutinises asset behaviour and only grants access to the network and its resources based on predetermined policies. It is therefore unsurprising that the top reason for adopting Zero Trust architecture is to improve security — with 54 percent of respondents citing that they started or are considering starting on their Zero Trust journey to secure the network and mitigate risks. Protecting data and making it easier to manage was the second most cited reason for adopting Zero Trust architecture, at 51 percent.
Network visibility plays a key part in enabling Zero Trust, as you need to be able to monitor traffic traversing inside the network as well as that coming in. Visibility into all information in motion on the network is critical to supporting a comprehensive Zero Trust strategy.
One Big Challenge to Zero Trust Adoption: Decryption
Fundamental to Zero Trust practice is encryption of data between assets — after all, decrypted data transmission is trust to the extreme. The modern encryption standard, TLS 1.3, provides a high level of assurance that the data being transmitted and received between assets is not being ‘watched’ by any unwanted parties. In fact, encryption works so well that threat actors are also employing encryption for their own malware’s insertion, command-and-control communications, and data exfiltration. That is another reason why encrypted traffic must be decrypted and monitored.
Easier said than done, right? Yes and no. While there are privacy-related restrictions to decrypting traffic, and the process of decryption itself can be a challenge, there are many best practices to follow. For example, the United States National Security Agency (NSA) provides guidelines on navigating the process of decryption, which in summary says: a) TLS traffic inspection is no longer a luxury, b) decrypt once centrally and not across each tool, and c) pay attention to which tools the decrypted traffic is being sent.
Culture Remains a Barrier to Zero Trust
So, what other challenges do organisations face in implementing Zero Trust? With fluid working, employees have been granted far greater responsibility for keeping the network secure. Our survey found that shadow IT and employee education were the top challenges facing respondents, signalling that businesses may look to adopt Zero Trust to minimise the insider threat. However, the workforce can also prove to be a barrier to successful adoption. Adopting a Zero Trust framework is an evolution that requires support from the top and the bottom, and 65 percent of IT and security decision-makers who chose not to pursue Zero Trust cited wrong company culture as the top reason behind their choice.
This is a complex time for organisations as they attempt to battle unpredictable pressures from all sides. However, it is crucial that they continue to invest in cybersecurity measures to minimise the threat of malicious activity. Practices such as Zero Trust can ensure businesses stay secure without compromising productivity.
To find out more about the benefits of adopting a Zero Trust framework, read the full survey report here. Discover insights from key IT and security leaders across EMEA about the culture that must be facilitated to maximise the success of Zero Trust, and about the wider cybersecurity landscape in 2020 and beyond.
Featured Webinars
Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.
CONTINUE THE DISCUSSION
People are talking about this in the Gigamon Community’s Security group.
Share your thoughts today