Analyst firm Research Insights recently offered a look into what could potentially become a tremendous opportunity for solution providers. Analysts are predicting that the Zero Trust security market will grow from $15bn in 2019 to $39bn by 2024, with a compound annual growth rate (CAGR) of 19.9 per cent.
For many, Zero Trust is a game changer in the world of cybersecurity, and numerous vendors are heeding the call for solutions. Yet, there are still several misconceptions around Zero Trust, with many confusing the concept with an actual technology.
- Segmenting and securing the network across locations and hosting models
- Elimination of the inherent trust assumptions that make networks vulnerable to external and internal attacks.
Not so simply put, instituting the Zero Trust security concept meant integrating various different networking and authentication technologies into a framework that assumes nothing is trustworthy until it is fully vetted and identified. In other words, deny any connection or access unless you are absolutely sure of the device and user requesting access.
Lately, enterprises attempting to deploy the concept of Zero Trust are finding that significant expertise is needed across multiple technology disciplines such as networking, cybersecurity, identity management, and data governance. What's more, those enterprises are discovering additional challenges when it comes to embrace Zero Trust. There are challenges such as technical debt, where in-house software may have to be redesigned to support Zero Trust ideologies. Legacy systems also present a challenge, since those systems may not support the concepts of reduced privilege settings, where a user may only access what is appropriate in a system.
Other challenges come in the form of peer-to-peer (p2p) networking technologies, where systems can share and access each other's resources with little or no security controls. Another challenge comes in the form of hybrid networks, where public and private cloud services are unified to deliver applications, blurring the network edge and preventing micro segmentation of network resources.
While those challenges are rearing their ugly heads across the enterprise, those very same challenges can spell opportunity for solution providers, whom have the expertise and fortitude to tackle such issues. What's more, vendors are bringing forth integrated solutions to fuel the move towards Zero Trust.
Some vendors are embracing the concept of integrating multiple security technologies to create Zero Trust solutions. For example Pulse Secure, a security vendor that offers software-defined secure access solutions, is embracing a platform approach to build a Zero Trust solution. The company is integrating other vendor products into its platform to create a platform with unified management.
Pulse Secure's NAC (Network Access Control) platform now supports bi-directional integration with IBM QRadar and Splunk SIEMs, which allows the platform to receive SIEM alerts and take network threat response actions.
The company has also partnered with Fortigate to implement comprehensive identity-based context aware controls that work with Fortigate's Next Gen firewall (NGFW) RADIUS accounting capabilities. The company is also working with Palo Alto Network's NGFW virtual instances to bring forth users' authentication details and resource/IoT access enforcement policies.
"Consolidating multiple tools into a Secure Access platform reduces cost of ownership and operational overhead," said Paula Musich, research director of security and risk management at Enterprise Management Associates.
"That also results in an improved security posture and reduced attack surface, thanks to unified visibility and control, broad endpoint and IoT security coverage."
Numerous other vendors, including Forcepoint and Centrify, are pushing ahead with Zero Trust offerings. Forcepoint views the zero trust framework from a user perspective and has coined the term "human-centric cybersecurity approach." We have seen the legacy approach to cybersecurity fail more frequently, simply because that approach to cybersecurity focuses more on protecting infrastructure and putting up walls to keep people out, as opposed to focusing on what's happening with the people on those infrastructures" said Matthew Moynahan, CEO of Forcepoint.
Forcepoint's chief scientist, Richard Ford added "At Forcepoint, we are taking a step back and flipping the way we look at threats by examining the intersection of humans and critical data rather than the internet at large.
"Forcepoint's human-centric cybersecurity approach looks at the behavior of human and digital identities to protect against theft of critical data."
Centrify, meanwhile, is rethinking how Privileged Access Management (PAM) applies to the modern enterprise. The company is creating a platform that institutes a "never trust, always verify, enforce least privilege" approach to privileged access.
Centrify is furthering PAM into the zero trust arena with a strategic partnership with the Cloud Security Alliance (CSA). The CSA is dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, which in turn will help Centrify drive PAM and zero trust initiatives forward.
"Centrify's interactions with the CSA via the organization's critical working groups will help organizations address modern, diverse IT environments and evolving attack surfaces," said Nate Yocom, CTO of Centrify. "Centrify is committed to advancing cloud security and building awareness about the increasing need to protect cloud infrastructure and workloads with Zero Trust Privilege."
One thing is certain, interest in Zero Trust frameworks is growing, and solution providers will most likely become the champions of disruptive security technologies that can better secure tomorrow's enterprises.
Some say performance, others say money but it may be systems and processes that carry the day
Activist investor's self interests are not aligned with shareholders, HP claims
Having surpassed half a billion euros in its last financial year, the security VAD is pouring its resources into its MSP arm
HP shareholders will be 'better served' by a new director line up, claims Xerox CEO