Two-thirds Of European Firms Adopt A Zero Trust Strategy

Over two-thirds of European organizations have begun developing a zero trust strategy, up from just 25% in 2020, and a further 15% plan to adopt zero trust technology, according to Forrester. The analyst house, which coined the term over a decade ago, said adoption is highest in Germany (79%), the UK (68%) and France (66%).

In the report, Forrester also found that public sector organizations are taking the lead: 82% believe their enterprise architecture function is invested in and supports zero trust, compared with 72% of non-government organizations.

Every organization adopting zero trust solutions had suffered at least one breach in the past 12 months that disrupted key business processes or incurred cyber insurance penalties, the report stated.

Baber Amin, COO of Veridium, had this comment:

In the rush to get to zero trust, organizations should not be looking for a quick fix or silver bullet or assume that one product or set of products will get them to zero trust. Too often, they fail to understand or don’t want to acknowledge that zero trust is a strategy; it is an information security model. Products can and do help achieve zero trust, but they need to be applied correctly. The most expensive lock is not secure if the door itself is not properly reinforced.

Forrester Research says, “Zero Trust is an information security model that denies access to applications and data by default.”

Common mistakes when implementing zero trust include:

  • Confusing zero trust strategy with product offerings promising to achieve the desired result.
  • Zero trust is a philosophy and a journey. Why? Because zero trust is “trust nothing, verify everything,” requiring constant vigilance and improvement.
  • Failure to define a proper access control policy based on the concept of least-privilege access.
  • Failing to monitor access creep and orphan access.
  • Focusing only on network access and network traffic routing.
  • Failing to implement basic levels of multi-factor authentication.
  • Not implementing a proper layered security approach that includes basic security hygiene, e.g. endpoint patching and password reuse.
  • Failure to classify and segment data, especially unstructured data.
  • Lack of visibility around shadow IT.
  • Lack of visibility between IT and OT. Where there is a gap, it will be exploited.
  • Making your user experience too cumbersome, and adoption an uphill battle.

The most important thing security leaders can do is go back to first principles. These include:

  • Follow the least-privilege access model
  • Implement a defense-in-depth model
  • Identify what it means to fail securely (fail open vs. fail closed)
  • Minimize the attack surface area
  • Avoid security by obscurity and adopt an open design philosophy
  • Implement a SoD (separation of duties) model
  • Implement the most robust MFA approach your users will adopt
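The deny-by-default, least-privilege, separation-of-duties, MFA and fail-closed points from the two lists above, as an added worked example that is not part of the original post and is not code from Veridium or Forrester. The policy format, the roles, resources, grants and dates are all constructed for illustration (hypothetical), and the orphan/stale-grant audit at the end is one simple way to catch the access creep and orphan access the comment warns about.

```python
# Added example: a deny-by-default access policy evaluator for the zero trust
# first principles quoted above. All roles, resources, grants and dates are
# constructed sample data (hypothetical), not any vendor's product or format.
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Rule:
    """One explicit grant: a role may perform an action on a resource.
    A resource ending in '*' matches by prefix (e.g. 'ledger/*')."""
    role: str
    action: str
    resource: str
    require_mfa: bool = False


@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset
    mfa_verified: bool


# Least privilege: every grant is narrow and explicit; anything not listed is denied.
POLICY = (
    Rule("finance", "read", "ledger/*"),
    Rule("finance", "submit_payment", "payments", require_mfa=True),
    Rule("finance_approver", "approve_payment", "payments", require_mfa=True),
    Rule("ops", "restart", "svc/*", require_mfa=True),
)

# Separation of duties: no single identity may hold both roles of a conflicting pair.
SOD_CONFLICTS = (frozenset({"finance", "finance_approver"}),)


def _matches(rule, action, resource):
    if rule.action != action:
        return False
    if rule.resource.endswith("*"):
        return resource.startswith(rule.resource[:-1])
    return rule.resource == resource


def authorize(session, action, resource, policy=POLICY):
    """Return (allowed, reason). Denies unless a rule explicitly grants the request."""
    for conflict in SOD_CONFLICTS:
        if conflict <= session.roles:
            return False, "sod-violation:" + "+".join(sorted(conflict))
    for rule in policy:
        if rule.role in session.roles and _matches(rule, action, resource):
            if rule.require_mfa and not session.mfa_verified:
                return False, "mfa-required"
            return True, f"allowed-by:{rule.role}:{rule.action}:{rule.resource}"
    return False, "no-matching-rule"  # default deny


def authorize_fail_closed(load_session, action, resource):
    """Fail closed: if the identity provider or session lookup fails, the answer
    is 'deny', never 'allow'. load_session is a callable returning a Session."""
    try:
        session = load_session()
    except Exception as exc:  # a broken dependency must not become a bypass
        return False, "fail-closed:" + type(exc).__name__
    return authorize(session, action, resource)


def audit_entitlements(grants, directory, last_used, today, stale_after_days=90):
    """Flag orphan access (user gone, grant remains) and access creep (grant unused).
    grants: {user: set(roles)}; directory: active users; last_used: {(user, role): date}."""
    orphans, stale = [], []
    for user, roles in sorted(grants.items()):
        for role in sorted(roles):
            if user not in directory:
                orphans.append((user, role))
            elif (today - last_used.get((user, role), date.min)).days > stale_after_days:
                stale.append((user, role))
    return orphans, stale


# Constructed sample data (hypothetical users, roles and dates).
DIRECTORY = {"alice", "bob", "carol"}
GRANTS = {
    "alice": {"finance"},
    "bob": {"finance", "finance_approver"},  # holds both sides of an SoD conflict
    "carol": {"ops"},
    "dave": {"ops"},                         # dave has left but the grant remains
}
LAST_USED = {
    ("alice", "finance"): date(2024, 5, 30),
    ("bob", "finance"): date(2024, 1, 2),    # unused for months: access creep
    ("bob", "finance_approver"): date(2024, 5, 20),
    ("carol", "ops"): date(2024, 5, 1),
}
TODAY = date(2024, 6, 1)


def _broken_idp():
    raise ConnectionError("identity provider unreachable")


if __name__ == "__main__":
    alice = Session("alice", frozenset({"finance"}), mfa_verified=False)
    bob = Session("bob", frozenset(GRANTS["bob"]), mfa_verified=True)
    print(authorize(alice, "read", "ledger/2024"))          # allowed by explicit rule
    print(authorize(alice, "submit_payment", "payments"))   # denied: MFA required
    print(authorize(alice, "approve_payment", "payments"))  # denied: no rule (default deny)
    print(authorize(bob, "read", "ledger/2024"))            # denied: SoD conflict
    print(authorize_fail_closed(_broken_idp, "read", "ledger/2024"))  # denied: fail closed
    print(audit_entitlements(GRANTS, DIRECTORY, LAST_USED, TODAY))
```

The point of the shape is that every path that is not an explicit match ends in a deny: an unknown action, a missing MFA step, a conflicting role pair, and an exception from the identity provider all return the same `False`, which is what "fail closed" and "deny by default" mean in practice. The audit function is the cheap, periodic check for the access creep and orphan grants the comment lists as a common mistake to leave unmonitored.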

Zero trust is a sound idea that organizations should be looking at. If they take the time to plan and implement the strategy properly, it will pay dividends in better securing their environment. This commentary should be required reading for anyone considering a zero trust strategy.
