Media: Tech Target
Ten years on, tech buyers still find zero trust bewildering. Consultants aim to help them get a handle on — and deploy — this multifaceted security model.
Organizations are paying more attention to zero trust, but struggle with the basic questions of what it is and how they can adopt it.
That’s the view of executives offering zero trust consulting and implementation services to clients looking for guidance in this confusing field. Professional services firms, managed service providers (MSPs) and systems integrators are pursuing the market, which seems a made-to-measure opportunity for organizations providing technology and business advice.
Despite, or because of, the confusion, zero trust opportunities are poised to expand. TechTarget’s 2023 IT Priorities Survey pointed to zero trust as the No. 2 area for planned deployment within the identity discipline over the next 12 months. Only multifactor authentication, often part of a zero-trust initiative, emerged higher on the list of agenda items. TechTarget polled more than 800 IT professionals in North America.
Growing interest in zero trust
“The concept of zero trust has been there for nearly a decade, but the interest has gone up in the last two years due to work from anywhere,” said Mushtaq Ahmad, senior vice president and CIO at Movate, a digital technology and customer experience company with headquarters in Plano, Texas.
The principles of security have shifted from implicit trust or trust, but verify to never trust and always verify, he said, noting the former concept doesn’t work well in securing enterprise networks in the post-pandemic world. Indeed, user identities and devices emerged as the weakest link amid COVID-19, operating outside of the corporate security zone and within traditional security frameworks. With cloud adoption and work from anywhere the only way forward, corporate security architectures began pivoting to zero trust, according to Ahmad.
David Chou, director of cloud capabilities at Leidos, a technology, engineering, and science solutions and services provider based in Reston, Va., pointed to the continuing rise in cybercrime and government directives as raising zero trust’s profile.
“I think all the previous, very public hacks in the past couple of years have really driven the motivation to adopt zero trust,” he said.
As for directives, the federal government’s zero trust architecture strategy, launched in 2022, and the White House’s cybersecurity executive order, which stipulates zero trust, are fueling interest. “Those are the two mandates that are really driving the bulk of our customers to make sure they’re compliant with the zero-trust model,” Chou said.