Our Favorite Zero Trust Stories from November 2023

With Cybersecurity Awareness Month in the rearview, it means that the holiday season is officially upon us. And with more downtime and travels — visiting new places, connecting to new networks, and shopping on new sites — it’s open season for malicious actors.  

As the industry shapes up for another cyber-filled holiday season, here are a few of the Zero Trust trends and stories that are top of mind.  

As perimeter defenses fall, the identify-first approach steps into the breach (CSO, Mary Pratt)

With threat vectors widening and bad actors growing increasingly sophisticated, “security leaders are increasingly shifting their focus from perimeter defenses such as the long-relied-upon firewall in favor of embracing a zero-trust approach,” writes CSO’s Mary Pratt.  

Exploring findings and key trends from Okta Security’s 2023 State of Zero Trust Security report, Pratt highlights the current state of Zero Trust adoption in the enterprise, focusing specifically on the rise of the identity-centric security approach.

"If you don't have a great identity program it's going to impact your other security domains and posture," says Rajesh Radhakrishnan, a managing director at Deloitte.

But identity is only one aspect of Zero Trust. Organizations must also have containment controls like Zero Trust Segmentation in place for when identity solutions are bypassed or fail. After all, identity is just one pillar of Zero Trust.  

Check out this article for more context on why you need ZTS (in addition to identity-first tools and technologies) to build a robust and lasting Zero Trust architecture.  

Google Cloud’s Cybersecurity Trends to Watch in 2024 Include Generative AI-Based Attacks (TechRepublic, Megan Crouse)

As we approach the end of the year, it’s a good time to look back on all that transpired in 2023 and predict what’s to come. According to Google Cloud’s global Cybersecurity Forecast, generative AI is going to play a large role in leveling up the skills of both attackers and defenders in 2024. And against the backdrop of hyperconnectivity and proliferating multi-cloud environments, findings in the report only underscore the vitality of practices and frameworks like Zero Trust in reducing risk and shrinking attack surface potential.  

As Google Cloud VP & GM Sunil Potti puts it, “Right now, we see organizations running their data in a combination of multicloud, on-premises and hybrid environments – and while it is unrealistic to expect these organizations to host their assets solely in one place, it does make unified, comprehensive security operations and overall risk management particularly challenging.”

TechRepublic elaborates, “In hybrid and multicloud environments, enterprises may need to look out for misconfigurations and identity issues that allow threat actors to move laterally across different cloud environments.”

To learn more about the current state of cloud security, and where tools like ZTS can help your organization reduce cloud gaps and shore up your security posture in the face of rising AI-enabled threats, check out Vanson Bourne’s Cloud Security Index.  

Cloud Security Alliance launches industry-first ‘Certificate of Competence in Zero Trust’ (SiliconANGLE, Duncan Riley)

The Cloud Security Alliance (CSA), a leading nonprofit organization dedicated to defining and raising awareness of cloud computing best practices, continues to play a vital role in enabling organizations and developers to expand their awareness and understanding of critical cloud security practices like Zero Trust.  

As SiliconANGLE reports, “The Cloud Security Alliance today announced the launch of the Certificate of Competence in Zero Trust (CCZT), an authoritative zero-trust training and credential program claimed to be a first in the cybersecurity industry.”

Reporter Duncan Riley writes, “The CCZT offers an in-depth understanding of zero-trust architecture, its components and its functioning. The course includes foundational zero-trust best practices released by sources such as the Cybersecurity and Infrastructure Agency and National Institution of Standards and Technology. It also covers work around the Software Defined Perimeter by CSA Research and guidance from renowned zero-trust experts such as John Kindervag, the founder of the philosophy.”

As organizations look to make good on their Zero Trust strategies and objectives, a robust baseline understanding of the framework and its best practices is essential. You can also visit this page for more context on the foundation of a Zero Trust strategy.

That’s all for this month. We’ll be back with more Zero Trust stories soon!