One of the outcomes of the pandemic has been the increase in cyberattacks riding on the mass work from home or remote work and the haste with which IT had to move as much of the organisation.
It can be argued that traditional perimeter-based security has lost some of its teeth as a result.
Zero trust is lauded by some as the next evolution of an organisation’s security architecture designed to support new user populations, customer engagement models, cloud adoption, and IoT devices.
As the concept takes hold at the executive suite and board, analysts and vendors are claiming that zero trust is fast becoming the security model of choice for many organizations.
But as we all know, things are always easier said than done. Experience tells us that security leaders will struggle with the fundamental shifts in strategy and architecture required to holistically implement Zero Trust.
Clearing the misconceptions
According to Parag Arora, VP and MD, SEA, Korea and India for Citrix, one of the issues that organisations must address is the recognition that zero-trust is not a technology and as such it is not a problem of the CIO or CISO.
“Every stakeholder involved in the company is a stakeholder to zero-trust. Zero-trust is also a dynamic concept that must be adaptive. It must be contextual,” he reiterated.
He also stressed that zero-trust is a concept for all sizes of companies. “From a technology perspective, you don’t need to rip and replace, you can always build on what you have,” he added.
Impact to existing security strategies
Arora is quick to assert that, unlike a product, which has features and functionalities, the concept of zero-trust ‘demands a holistic view of everything.’ This can be technology, process or culture; it is not about one specific element, said Arora.
To Arora, zero-trust needs to evolve on a real-time basis. “I think this is clearly a kind of framework that needs to be working, really touching pretty much every aspect of the organisation,” he added.
Impact on CIO/CISO’s security mandate
Asked how zero-trust impacts the execution of a CIO or CISO’s security mandate, Arora circled back to the idea that zero-trust is an evolution and that solving the security challenges of enterprises will require an incremental approach.
“While we all want to solve all the problems like today, but really assessing where you are now, what investments you've already made. And then how can I really evolve on a step by step basis to really kind of have a more holistic approach or a framework to my end goal,” he opined.
What’s in store for 2022
Arora recommends that, with 2022 just around the corner, it is important to choose solutions that are zero-trust ready. He also suggested having a dedicated zero-trust team or teams.
He warns that the biggest barrier to zero trust will likely be people.
“That could be either ignorance, or it could be sometimes not the right intentions. It is important to have a clear focus, to make sure that Zero-Trust is a culture that we build across the teams and across the business to make this a reality,” he concluded.
Click on the PodChat player to listen to Arora share his perspective on zero-trust.
- Why is zero trust more important than ever for businesses in 2021/2022?
- What are the common misconceptions around zero trust security?
- From what I understand zero trust is not a product but more an approach. How does this affect security strategies which are often based around products?
- Organisations in Asia are taking the hybrid approach to their computing requirements. How does one integrate a zero-trust strategy when IT will sit across a combination of on-premises servers, private cloud and public cloud?
- For industries that follow very stringent regulatory frameworks built over years, how will zero trust impact the CIOs/CISOs charged with looking to add zero trust principles in the security architecture?
- As we come to 2022, can you share your top three recommendations for how businesses can implement the zero-trust approach successfully?