Ad Image

Adapting Zero Trust Amid the “Great Reshuffle”

Adapting Zero Trust Amid the “Great Reshuffle”

Adapting Zero Trust Amid the “Great Reshuffle”

As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories—Larry Chinski, the VP of Global IAM Strategy at One Identity, shares some insights on the value of implementing a Zero Trust methodology into your company amidst the current “Great Reshuffle” in the workplace.

The last two years have been challenging for the workplace and workforce alike. As we transition from the “Great Resignation” and enter what is dubbed by some as the “Great Reshuffle,” millions of workers are leaving their jobs for roles with a better work-life balance, remote possibilities, and a workplace more aligned to their values.

While this can be a win-win situation for all parties involved, increased turnover rates and new hires can lead to further vulnerabilities within an organization. And, with SolarWinds, the Colonial Pipeline incident, and Log4j still fresh in our minds, organizational cybersecurity, data protection, and protecting user identities is now more critical than ever.

Zero Trust: Never Trust, Verify Everything

The old network perimeter-centric view of cybersecurity is almost nonexistent. Modern enterprise infrastructures are distributed across multiple physical sites, virtual machines, public and private cloud systems, and many platforms, environments, and operating systems. However, your customer’s expectations likely haven’t changed, and they might hold your organization to higher standards because of the change in circumstances.  

Today’s borderless perimeter requires secure access for users regardless of location, device, or network. Customers, stakeholders, and employees are still counting on organizations to secure their data and protect their identities. As a result, many organizations have implemented a Zero Trust model into their IT security programs. Zero Trust is a proven model for implementing robust and selective security by eliminating implicit trust and validating every stage of digital interaction.  

IAM Solution Suggestion Engine

With the mantra “Never Trust, Verify Everything,” Zero Trust continuously verifies user-access permissions (human and machine) to all requested resources (on-premises, cloud, and hybrid). It also monitors and compares user actions to baseline behavior analytics to check for anomalies that may require formal verification and/or immediate action. 

A critical element of Zero Trust is securing identities, implementing processes to manage identities, and monitoring those identities. It involves removing vulnerable permissions, unnecessary access, and excessive access in favor of specific delegation and proper provisioning. In other words, Zero Trust ensures the right people in your organization have the right level of access to the right resources.  

In a recent survey of more than 1,000 IT security leaders from around the globe, 75% agreed that “Zero Trust is of great importance to their overall security posture.” However, in that same survey, despite rising awareness, only 14% of organizations reported having already implemented a Zero Trust Model, citing a “lack of clarity” around how Zero Trust should be implemented as the most significant barrier to success. 

As evidenced by the survey results, implementation is a work in progress and is an ongoing, continuous IT security project. Today’s virtual workplace and high turnover rates seen with the “Great Resignation” and “Great Reshuffling” are partly to blame. 

Adaptive Zero Trust: The Game Changer

The evolving threat landscape has allowed many organizations to step up their security game through an adaptive Zero Trust approach. Specifically, this means using a method that recognizes an organization’s need to evolve alongside internal and external factors yet still operates by the following Zero Trust key principles based on NIST 800-207 guidelines:  

  • Continuous verification 
  • Limit the potential “blast radius” of a breach 
  • Automate analytic collection and threat responses 

Adopting an adaptive Zero Trust approach can help bolster an organization’s cybersecurity posture by protecting and securing the essentials—people, applications, and data—while supporting the modern, cloud-first, remote-working, “new norm.”  

How to “Adapt” 

Implementing and maintaining a Zero Trust model in the workplace is an ongoing endeavor. But, there are ways to adapt the model to work for your organization now. Your adaptive Zero Trust approach should be holistic and, at the very least, provide:  

  • 360-degree visibility across all identities: human, machine, and increasing accounts caused by changes in how and where we work
  • The ability to verify everything before granting access to optimize investments  
  • Adaptive and intelligent security controls that leverage contextual awareness and behavior analytics  
  • The ability to add in new functionality as needed, without undue business disruption

Even in the early planning stages, it is essential to recognize that the threat landscape—and the IT landscape—are no longer static. It is vital to implement a cybersecurity strategy that is flexible and dynamic, one that is not locked into a specific set of processes or constrained by your hybrid infrastructure. By becoming continuously adaptive, you can quickly pivot to changes in user roles/responsibilities, changes in IT infrastructure, and new and developing threats. 

Security needs to be persistent, even with the evolving threat landscape. Your employees, customers, and stakeholders are counting on it. 

Widget not in any sidebars

Share This

Related Posts