With the release of the 2023 Zero Trust Security Report, it’s a good time to reflect on the seismic shifts that have happened in the industry regarding network security. Years ago, the corporate network perimeter existed to provide a barrier between an organization’s internal information assets and the internet at large.
Back when workers of the world typically went into an office, users had seamless access to the network as long as they were inside the four walls of the building, also known as the perimeter. There were few impediments to finding and gaining access to whatever was needed during the course of the day. It was pretty effective.
Everything Has Changed
However, the way people work today is very different than in decades past, particularly following the COVID-19 pandemic. The fact is the network perimeter as we once knew it has vanished.
The new normal is “work from anywhere,” also known as a “hybrid workforce” or “remote work.” The challenge is that employees still need access to sensitive company resources to do their jobs, but the walls—and the protections they offered both the company and the employees—are gone. People can work from coffee shops, the beach, a mountain cabin, or anywhere around the world that gives them access to the internet. Security teams have had to implement new protections such as VPNs and multi-factor authentication to keep up in the wake of varying levels of Wi-Fi security.
The disappearance of walls both physical and digital means the security perimeter has effectively dissolved, ushering in a new wave of cybersecurity threats during a time of rampant cybercrime. Not only do companies need robust monitoring and offensive security tactics to protect against external threat actors, but they also have to lock down internal permissions to prevent opportunistic insiders from gaining access to sensitive information they don’t need to do their jobs.
Enter Zero Trust
CISOs and others responsible for their organization’s security posture are increasingly applying a zero trust approach to secure their networks, IP—and company reputations. This model has been around for several years, but it’s recently gained major traction as phishing, malware, and business email compromise (BEC) campaigns have increased.
The basic concept of zero trust is that no user or device can be trusted without authentication.
Another major tenet is that users should have access only to the resources they truly need to do their jobs. Full access to all company resources is simply not necessary and can often lead to enterprising employees accessing and mishandling sensitive documents, which could put the organization at risk. Even well-intended employees can stumble onto information they shouldn’t see if it’s not properly secured.
Results of the 2023 Zero Trust Report
At Fortra, we were curious to learn how enterprises are approaching this complex security environment, as well as to understand the maturity level of their programs. In partnership with Cybersecurity Insiders, we surveyed hundreds of cybersecurity professionals across different industries to gain insight into how they’re implementing zero trust security.
A few things stood out in the 2023 Zero Trust Report:
- 64% of organizations have a roadmap or have begun implementation across their environment
- 79% said protecting data was their top driver
- Identity governance and privileged access management (PAM) are top priorities for the next year
Check out the full report and learn more about key drivers, trends, and other insights that will help you evaluate the best way to get started on a zero trust security model for your operations.