It’s a new year, and you know what that means... more Zero Trust stories!
In the first few weeks of 2024, “trust” has been top of mind for cybersecurity executives and business leaders alike. In fact, this year’s Davos theme focused on “rebuilding trust,” and cybersecurity – no surprise – was front and center in terms of how organizations can and should be thinking about rebuilding and maintaining trust in the year ahead.
With more geopolitical instability projected, a largely uncertain economy looming, and bad actors continuing to wreak havoc on non-profits, federal organizations, and enterprises alike (Edelman’s annual trust barometer does a brilliant job of sizing up the current state of “trust” in our world), it’s evident that fostering resilience and reestablishing trust will be a critical business benchmark in 2024.
Here are some of the Zero Trust perspectives and stories that caught our eye this month.
This article does a remarkable job of showcasing where and how Zero Trust is needed to bridge critical cybersecurity gaps, as discovered by the World Economic Forum (WEF) and Accenture’s annual Global Cybersecurity Outlook 2024 report.
Every year, WEF and Accenture team up to explore the latest trends, technologies, and factors underpinning the ever-evolving cybersecurity landscape.
In summarizing this year's top takeaways, reporter Louis Columbus writes, “The best place for the World Economic Forum (WEF) to achieve its key theme this year of rebuilding trust is to start with cybersecurity, cyber defenses, and cyber-resilience.” He makes the argument that Zero Trust specifically is the best place to start.
One of my favorite takeaways from this article, which is very much in line with our messaging and mission here at Illumio, is Columbus’ emphasis on “assuming breach."
“Going all-in on zero trust starts with the assumption that networks and infrastructure have already been breached and the intrusion needs to be contained. Assuming a wide variety of breach attempts and ransomware attacks are inevitable is one of the cornerstones of zero trust,” he writes.
Columbus also goes on to underscore the criticality of microsegmentation in creating any scalable Zero Trust architecture in 2024. He wraps up with an aside on how Zero Trust (when done properly) isn’t just a cybersecurity or resilience enabler, but a business catalyst as well.
See how Illumio can help your organization build resilience, reduce trust gaps, and maximize your cybersecurity investments with our ROI Calculator.
This is a strong follow up to the article Don Yeske, Director of the National Security Cyber Division for the DHS, published last year titled, “A better definition of zero trust.”
In his latest piece, Yeske argues that as more federal organizations look to make progress on their Zero Trust roadmaps, we need more definitive measures in place to track, benchmark, and achieve Zero Trust. He writes, “We need something else now. Something more definitive, and more measurable in different ways... We're no longer defining zero trust; we are implementing it.”
Yeske goes on to introduce this notion of a “Zero Trust kill chain.” He explains, “The kill chain is a mental model that allows us to understand, both offensively and defensively, what is required to win.” His Zero Trust kill chain proposition includes three3 core components: defining “zero trust capabilities,”'; arranging Zzero Ttrust capabilities into kill chains (i.e., prioritizing critical resources and mapping out dependencies),; and mapping notional kill chains to Zzero Ttrust implementations.
Essentially, it’s a compelling perspective on a more formulaic approach to Zero Trust.
For U.S. federal agencies looking for additional context on how to action on their Zero Trust plans in 2024 (in five5 easy steps!), I also really enjoyed this piece of commentary in Federal News Network from Roger Payne, Vice President of IT Solutions at Akima. It’s well worth the read.
AI and Zero Trust, particularly when it comes to cloud security, will remain massive investment drivers and portfolio differentiators in the new year.
In his analysis of the current cloud market, reporter Rob Lemos writes, “With demand for better cloud security growing, security players are looking to consolidation to bolster their offerings, especially in two key areas: products and services that support zero-trust security architectures and offerings that make strong use of machine learning (ML) and artificial intelligence (AI).”
Jim Reavis, CEO and co-founder of Cloud Security Alliance, weighs in: “Companies are shifting to zero-trust features throughout their cloud security and are looking to their strategic partners to provide those solutions.”
Reavis goes on to say, “While zero-trust features are in most demand, companies also don't want to fall behind in the race to adopt AI for any cloud-security benefits.” In other words, in the new year, even more organizations will be on the lookout for more efficient and effective ways to apply AI to security in the cloud.
That’s all for this month. We’ll be back with more Zero Trust stories soon!
Operationalizing Zero Trust – Steps 2 and 3: Determine Which Zero Trust Pillar to Focus On and Specify the Exact Control
Workload protection encompasses many security capabilities including, but not limited to, effective securing and patching of the OS and any installed applications, host-based threat protection controls such as antivirus, EDR, file integrity monitoring, host-based firewalling, etc.