[ad_1]
Technology research and advisory firm Gartner predicts that by 2026, 10 percent of large enterprises will have a mature and measurable Zero Trust program, up from less than 1 percent today.
Although zero trust as a key risk reduction strategy is top of mind for most organizations, few organizations have actually completed a zero trust implementation.
Gartner defines Zero Trust as a security paradigm that explicitly identifies users and devices and grants them just the right access, so businesses can operate with minimal friction while mitigating risk.
implicit trust model
“Many organizations build their infrastructure using implicit rather than explicit trust models to simplify access and operations for employees and workloads. Attackers abuse this implicit trust in infrastructure to build malware that then moves laterally to achieve Their goal,” said Gartner vice president analyst John Watts. “Zero Trust is a shift in thinking that addresses these threats by requiring continuously evaluated, explicitly computed and adaptive trust between users, devices and resources.”
To help organizations complete the scope of their Zero Trust implementation, chief information security officers (CISOs) and risk management leaders must first develop an effective Zero Trust strategy that balances security needs with operational business needs.
“That means starting with an organization’s strategy and defining the scope of the Zero Trust initiative,” Watts said. “Once policies are defined, CISOs and risk management leaders must start with identities—the foundation of zero trust. They need to improve not only the technology, but the people and processes to establish and manage those identities.
cyber threat
“However, CISOs and risk management leaders should not assume that zero trust will eliminate cyber threats. Instead, zero trust reduces risk and limits the impact of attacks.”
Gartner analysts predict that by 2026, more than half of all cyberattacks will target areas not covered and mitigated by Zero Trust controls.
“The expansion of the enterprise attack surface is accelerating, and attackers will quickly consider moving and targeting assets and vulnerabilities outside the scope of the Zero Trust Architecture (ZTA),” said Jeremy D’Hoinne, vice president analyst at Gartner. This can take the form of scanning and exploiting Public-facing APIs or attacks on employees in the form of social engineering, bullying, or exploiting vulnerabilities caused by employees creating their own “bypasses” to avoid strict zero-trust policies. “
risk mitigation
Gartner recommends that organizations implement Zero Trust to improve risk mitigation for the most critical assets first, as this is where the greatest return on risk mitigation occurs. However, zero trust cannot solve all security needs. CISOs and risk management leaders must also run a continuous threat exposure management (CTEM) program to better inventory and optimize their exposure to threats beyond the scope of the ZTA. — trade arab news agency
[ad_2]
Source link
