Zero Trust Is So Last Year…or Is It?
I have two wonderful, intelligent, strong-willed and outspoken children. I wouldn't trade them for the world. Some days when I think I have finally figured them out and can speak their language they promptly inform me that I am already outdated and ‘that was so last week.’ The struggle is real my friends.
Sometimes I feel like trying to keep up with the latest memes, trends and viral videos so that I can relate to them is like keeping up with the latest and greatest in InfoSec. As soon as I have a grasp on the latest threats, security strategies and tactics, the industry has pivoted onto the next new shiny thing, often before we have even really fully realized the last thing.
The Next Best Thing
The one thing that is constant, is that our world is constantly evolving and changing. Innovation in technology is both exciting and exhausting. It seems like the tools, equipment and practices that we have integrated into our daily operations are outdated almost the moment they are put in place.
Consumer technology like mobile devices and gaming systems are great examples of this. Every year there is a new model offering bigger and better things. I recently had this discussion with my teen who wanted a new phone (there is nothing wrong with the old phone), the new phone was cooler and had a better selfie camera for Snapchat and Instagram. The pace of new shiny thing output is honestly dizzying and poses unique challenges for whether you are a parent or a security practitioner.
Security teams have such a myriad of responsibilities, tools, and processes to keep track of, how in the world can they keep up and adopt new strategies and solutions at the rate and pace they are announced?
Unless there has been a major security event, why are they expected to pivot and change as rapidly as the most viral video or meme? Security is not a trend, it is a practice. The goal, keep the organization safe from threats and make sure the business can run.
Zero Trust is No Longer Hype
I had a discussion the other day and the comment was made that 'Zero Trust is last year's buzz word, the industry is onto something new now..
Let me be clear, this is a dear friend who is an outside purveyor of InfoSec not a practitioner. But it struck me.Zero Trust, though it has many names since the early 2000s, is a philosophy and strategic approach that at its core is centered around verifying trust in the connections being made to systems and resources. How in the world can the notion of establishing trust be a fad or a trend?
Zero Trust is Important for Remote Worker Security
The buzz word might be dying. But the use cases enabled by Zero Trust have never been more relevant. Take for example the trend towards an increase in remote work. Now more than ever we need to make sure that we can trust the users and devices connecting to our applications and networks.
We need to make sure protections are in place for the workforce, workplace and workloads. Using tools like multifactor authentication, endpoint security, micro-segmentation, and network security.
Let's face it, our infrastructures are a hodge-podge of technologies, legacy investments, critical hardware components and tools that are built into the fabric of our operations. It is no small feat to lift and shift. This to me the real beauty behind a zero-trust strategy. It provides the ability to adopt the latest and greatest while still protecting those investments.
The best zero trust providers will have solutions that support what you have while building in security to ease the adoption of the new tools and technologies enabling a digital transformation.
What's New and What's Next
But I get it. If I've learned anything from my children, and being in InfoSec for as long as I have, we are always on the lookout for what's new and what's next. We have to evolve our approach. I argue that Zero Trust isn't tired even if it isn't getting the same market buzz as it has in the past.
The amazing thing is that it is a security practice that can constantly evolve both with your organization and the industry. If you look at the most recent buzz words circulating — Secure Access Service Edge (SASE), Zero Trust Network Access (ZTNA), Passwordless — all of these play a part in establishing trust at different levels, in various areas of your organization. What excites me about the latest and greatest is that they focus on the same things. The greatest approaches remove the barriers of security, without removing the security.
Now excuse me while I go argue that we can't buy the new PlayStation because our hardware can't support it, and it doesn't support our existing investment in games and accessories with my teenager. Wish me luck!
If you want to learn more about how Duo can support the realization of zero trust in your environment check out our white paper and learn more.
Try Duo For Free
Sign-up for a free trial to experience the product and see how Duo can give you deep device visibility and get started with Device Trust.