Zero Trust has been a concept since 2009, when Forrester first realized that traditional security models operated on the outdated assumption that everything inside an organization’s network should be trusted. Fourteen years later, the rule of “Never Trust, Always Verify” has never been more important, especially as data breaches continue to make headlines on a seemingly daily basis.
The Zero Trust Conversation
Recently, Forrester Principal Analyst Heidi Shey sat down with Cosmin Dragu, the Engineering Manager, Identity & Access at IKEA Group to discuss common misconceptions, some big challenges that companies need to address, and key moments when an organization can rethink its cybersecurity strategy.
Heidi and Cosmin were joined by Alan Radford, Technology Strategist at One Identity, who kicked off the video discussion by going straight to prominent misconceptions about Zero Trust. Heidi noted that one such misconception is that Zero Trust has remained stagnant over the years and is focused only on network security. While a focus on the network and network security is still a core concept, “Zero Trust has evolved to something much broader than that. It’s a whole framework, a whole ecosystem of controls and integration these days.”
Zero Trust Challenges for Organizations
Heidi, Cosmin and Alan outline key challenges that they’ve seen organizations grapple with in addressing Zero Trust. These include:
Figuring out the decision-maker’s level of understanding of Zero Trust, and starting from a common place of understanding, can be difficult, notes Cosmin.
Bridging the Gaps Between Siloed Teams
Because every organization is made up of different teams (often siloed) with their own cultures, responsibilities, requirements and stakeholders, another big challenge around Zero Trust security is bridging the gaps between those teams.
Securing Hybrid Data Environments
A question many people ask is: how can you make Zero Trust decisions that benefit both on-prem and cloud-based ecosystems? Heidi encourages people to “take a look at what you already have that you may not have enabled or are not using to its fullest ability. See if that’s something that could uplift your posture a bit more… and see if there are potential integrations with the control tools.”
Opportunities to Promote Zero Trust
In the video conversation, Cosmin Dragu from IKEA points out that “Dynamic environments require dynamic thinking. It’s difficult to attack a problem in a static way like we used to with static rules and static roles and static access. We need to think beyond that to have an ever-changing iterative approach to dynamic environments.” Several events can prompt organizations to rethink their cybersecurity strategy:
- Failed audits
- Data breaches
- A new CISO is hired
- A super-fast transition to the cloud
Both Cosmin and Heidi agree that these types of events may be the perfect opportunity to pitch Zero Trust, since stakeholders are already in the mindset of assessing the organization’s security practices and identifying security gaps. This rich conversation will help organizations of all sizes understand and build a more robust security posture by implementing a Zero Trust approach to security.