Keeping systems and information safe is an increasingly complex, high-stakes activity. Trusting individuals or systems by default may have catastrophic consequences if it leads to malicious parties gaining access to corporate networks or resources. These consequences may include service disruption and loss or theft of sensitive information – and may , in turn, lead to reputational damage as customers and partners lose trust in an affected organisation. In addition, regulators may impose financial penalties if a breach results from a failure of systems or processes.
Unsurprisingly, businesses and government organisations are turning away from security models that trust individuals or systems by default. As TechTarget notes, these models are ill-equipped to handle data distributed across multiple locations, applications and cloud services. A zero-trust approach requires strict identity and device verification not just to get past the network perimeter, but to access internal systems and resources. By segmenting network components and systems and imposing access requirements for each segment – as well as using risk management analytics to identify suspicious activity – businesses and government organisations can respond effectively to modern security challenges.
Zero-trust network access is continuing to gain traction in business and government – particularly as digital transformation projects take effect. According to a Gartner report, because digital transformation projects “require services APIs, data and processes to be accessible through multiple ecosystems anywhere, anytime, from any device over the internet, [they expand] the surface area for attackers to target.”
Gartner says zero-trust network access “provides adaptive, identity-aware, precision access” and “enables digital ecosystems to work without exposing services directly to the internet.”
The analyst firm predicts that, by 2022, 80% of new digital business applications opened up to ecosystem partners will be accessed through zero-trust network access, while by 2023, 60% of enterprises will phase out most of their remote access virtual private networks in favour of network access.
Is your business or government organisation adopting zero-trust network access? What challenges and opportunities is this approach presenting? Please let us know at firstname.lastname@example.org.