“Never trust, always verify” was the founding principle of the term Zero Trust, when Forrester Research Analyst and cybersecurity veteran John Kindervag created the term. At the time, many enterprises were operating under a “trust, but verify” approach, which would be okay if threats were only outside the organization or if it only applied to individuals. But as we know, digital environments have made it harder to keep track of appropriate levels of access, and easier for intruders to get in.
As events like the global pandemic and an unsteady economy have impacted the way we work, Zero Trust has become increasingly popular. And while the core tenants of this approach are sound, many organizations struggle with implementation and fail to see real value in their efforts. In fact, 40% of organizations report they have a Zero Trust strategy fully implemented—but more than half aren’t able to authenticate users and devices on an ongoing basis, and also struggle to monitor users post-authentication, according Fortinet’s 2022 “The State of Zero Trust” survey.
So, what is an organization to do? A good first step would be to identify and address some of the key challenges most enterprises face when implementing Zero Trust. In this article we’ll break down the top three Zero Trust challenges: piecemeal approaches, constant change, and productivity. Then, we’ll explore how managing security on a business platform can significantly reduce the common issues associated with Zero Trust rollouts.
1. Piecemeal Approaches Leave Blind Spots
There’s no shortage of Zero Trust services on the market, but it’s critical to acknowledge that Zero Trust is not a product—it’s a framework. One that requires many IT functions and tools to work together seamlessly across the main pillars of data, device, network, application, and user. But understandably, many organizations fail to stitch together the data and protections of multiple products without leaving security holes.
This is why business platforms are so beneficial. ITSM solutions serve as an overarching system of action across the silos of a business. They make the data and capabilities of every tool across the pillars available through cross-functional workflows. We know the biggest gap in Zero Trust is the user—a platform can address this by adding a complete user security profile in one central location—regardless of the device, network, or application they’re using.
2. Constant Change Means Constant Administration
Zero Trust expands the security perimeter from outside the organization to the inside, increasing protection across the five pillars. The downside of this is that user behaviors within each pillar are changing constantly. This requires control policies to be updated in near-real time as things like professional roles and titles evolve, team members come and go, or Steve from Marketing requested access to a business application to complete a special project.
Any lag in appropriately granting and removing access can leave organizations vulnerable to attack. By managing identity security on the same platform as the HR ticketing system, for example, you can ensure access policies are updated across the five pillars instantly, greatly reducing the risk profile of the organization. But there’s another side to this, too. As important as it is to restrict access in the name of security, it’s also critical to make sure users have the right access to do their jobs effectively.
3. Zero Trust vs. Productivity
It should come as no surprise that one of the biggest pain points in Zero Trust rollouts involves productivity. Often, mistakes in the various access policies can lead to hours or even days of lost work. When employees lack access to the tools they need, they grow increasingly frustrated, and your business suffers. Managing identity security alongside a Zero Trust framework can dramatically accelerate remediation and reduce the loss of productivity.
On a platform, lack of access can be flagged, investigated, and resolved all through a single pane-of-glass view and workflows users are already familiar with. This can all be achieved right within the platform, resolving access requests in one central repository, rather than using multiple tools and processes. As such, issues are resolved faster, and people can get back to doing what they do best—not putting in Helpdesk requests to IT and staring at a screen while they wait.
In a recent Wall Street Journal article, Kindervag wrote, “The hallmark of zero trust is simplicity.”
He added, “To reduce the complexity of cybersecurity environments, organizations can prioritize security technologies and tools that support simplicity by automating repetitive and manual tasks, integrating and managing multiple security tools and systems, and autoremediating known vulnerabilities.”
Identity is a huge tenet of Zero Trust, and a platform approach makes it simple for organizations to start improving their security stance today.
John Milburn is CEO at Clear Skye, an identity governance and administration (IGA) software company. Milburn is dedicated to closing the value gap that has existed in the IGA market for the last 20 years. With more than 25 years of enterprise software experience, he brings with him a deep knowledge of the security and identity management space. He previously held executive roles at renowned organizations such as Quest Software; Dell; and, most recently, One Identity.