Our Favorite Zero Trust Stories from December 2023

It’s hard to believe that it’s already December, and the new year is nearly upon us! It’s been another landmark year for Zero Trust — CISA released its Zero Trust Maturity Model 2.0, U.S. federal agencies (like the SEC) continued to make good on their Zero Trust plans in accordance with the Biden Administration's 2021 Executive Order, and the Cloud Security Alliance launched the industry’s first Certificate of Competence in Zero Trust.

As we head into 2024, with cyber strategy, ROI, and resilience top of mind, here are a few of the Zero Trust trends and stories that we're following.  

There's no zero trust if you trust the network... (The Stack, Galeal Zino)

A comprehensive, robust commentary exploring some of the shortcomings of current “Zero Trust” approaches – namely, that if you trust the network or internet implicitly, you really aren’t practicing real Zero Trust.  

Author Galeal Zino, founder and CEO of NetFoundry, argues that “To move beyond the tip of the iceberg model of zero trust, we need a solution that:

• Changes the model from implied trust to explicit authorization. For every use case.  
• Changes the model from infrastructure-dependent and bespoke to open source based and software-defined. Consistent across any network, edge or cloud.
• Changes the model to meet and exceed the strongest security guidelines...”

He goes on to explain that four technical fundamentals enable this model: identity-based networking, strong authentication and authorization, microsegmentation, and no more open inbound ports.  

For more context and additional information on how your organization can leverage Illumio’s Zero Trust Segmentation to supplement your ZTNA, check out our blog post: Pair ZTNA + ZTS for End-to-End Zero Trust

A Zero Trust Approach to Multicloud Security (The New Stack, Monika Chakraborty)

“The traditional, perimeter-based security model is no match for today’s dynamic, multicloud deployments,” writes Monika Chakraborty, Global Cloud Security Practice lead at Synopsys.

In fact, while a multicloud strategy can help companies keep up with business innovation while improving scalability, it often introduces unforeseen challenges for strapped security teams.

Chakraborty’s argument for Zero Trust when it comes to securing the cloud is this:  

“The zero trust approach can address many cloud security challenges, including data breaches and account hijacking, compliance and regulatory issues, insufficient visibility and control, and inadequate training and awareness. This approach emphasizes strong access controls, malware containment, secure configurations, thorough vetting of third-party vendors, continuous monitoring, secure authentication and robust incident response strategies.”

In other words, as organizations look to build out and action on their multicloud strategies, Zero Trust is a must.  

“Building a comprehensive multicloud security strategy is a complex undertaking that necessitates a zero trust security model,” writes Chakraborty. We couldn’t have said it better ourselves!

For more information on how Illumio Zero Trust Segmentation can help your organization contain cloud-based attacks and fortify your cloud architecture as the business scales, check out this blog post on 3 Benefits of Zero Trust Segmentation in the Cloud.

How generative AI will enhance cybersecurity in a zero-trust world (VentureBeat, Louis Columbus)

It wouldn’t be a Zero Trust Spotlight without a story from Louis Columbus!

According to research from Deep Instinct, “While 69% of organizations have adopted generative AI tools, 46% of cybersecurity professionals feel that generative AI makes organizations more vulnerable to attacks. Eighty-eight percent of CISOs and security leaders say that weaponized AI attacks are inevitable,” VentureBeat’s Louis Columbus reports.  

In other words, Gen AI brings with it a breadth of uncertainty when it comes to cyber, although it promises a large upside for business and innovation.  

For CISOs grappling with how to best leverage and defend against AI-enabled threats, one of Louis' top tips (from other CISOs!) is this: “Taking a zero-trust approach to every interaction with generative AI tools, apps, platforms and endpoints is a must-have for any CISO’s playbook.”

That’s all for this month. We’ll be back with more Zero Trust stories in the new year!