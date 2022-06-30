From keynote presentations at the cybersecurity industry’s biggest events to everyday news headlines, everyone appears to be talking about Zero Trust. The Biden administration has now even mandated it for government agencies. Countless security vendors put it in their marketing materials, but what is it, how did we get to this point, and how do organizations and now federal agencies put it into practice?

Fundamentally, Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. We find implicit trust in many places within the IT infrastructure, such as trusting users sitting at headquarters differently than those working remotely from their home. Imagine if airports only checked your identity when you passed through the initial security checkpoint. Theoretically, once you’re in the concourse, you’d be free to bypass your intended flight and board any flight around the world. Zero Trust is the opposite: It implements continuous verification, no matter the user. Your ID is checked at the security checkpoint, then your boarding pass gets checked at the gate, and finally the flight attendant ensures you’re sitting in the correctly assigned seat. No one is trusted, even after they pass an initial security screening.

The past two years have greatly accelerated the move to hybrid work, leading many security teams to start the process of overhauling their security approach for remote users. Yet this approach needs to be expanded across the entire infrastructure, including major digital transformation initiatives such as the move to the cloud, which has significantly increased a company’s potential attack surface. The 2020 SolarWinds attack showed everyone just how dangerous a world without Zero Trust can be: Thousands of organizations found themselves compromised. It’s time for organizations to get serious about Zero Trust as a holistic strategy to ensure they’re protecting what matters most.

One misconception that seems to persist is that Zero Trust is a product you can buy. Unfortunately, buying any single security product doesn’t inherently make any organization “Zero Trust.” As cyberattacks continue to escalate, security professionals feel forced to deploy a ballooning set of different tools–in fact, most organizations I speak with today use 50+ different technologies within their digital environment. This game of security “Whac-A-Mole,” where a new tool is procured and deployed with every new threat, has created a tremendous amount of complexity, strained security teams, and hurt overall levels of security. The combination of accelerating digital transformation, evolving threats, and overwhelming levels of security complexity have made a comprehensive Zero Trust approach an absolute necessity. Analyst firm Gartner agrees, predicting 60% of organizations will embrace Zero Trust as a starting point for security by 2025.