HPE Community
Servers & Systems: The Right Compute
1826001 Members
3264 Online
109690 Solutions
New Article
 
Subscribe to RSS Feed
|
ComputeExperts

Do we know where zero trust is going?

‎08-03-2021 08:50 AM

Improving the security posture of the modern enterprise has never been a more urgent goal. Can ideas like zero trust be invoked with greater frequency as a means to achieving it?

By guest blogger Eric Hanselman, Principal Research Analyst, 451 Research, part of S&P Global Market Intelligence

Zero-Trust.png

There are challenges enough with the implementation of any technology, but zero trust presents more than the usual complement. The ideas represented by zero trust are all important—critical and necessary changes in approaches to security management and control—but they’re so broadly defined and frequently misused that they can’t function as a template for implementation.

When Alice, in Alice in Wonderland, said that she just wanted to get somewhere, the Cheshire cat replied that she was sure to, “if you only walk long enough." Lacking a clear definition, well-intentioned initiatives can burn resources without achieving meaningful improvements. Organizations need to dig into the values that zero trust ideas mean for them in order to succeed.

Data from a recent 451 Research Voice of the Enterprise Information Security study indicates that there is tremendous interest in zero trust, but very little activity. Respondents ranked zero trust last among a list of technology implementations in use. The ideas embodied in zero trust are too important to be languishing in stalled projects or pilot programs. The challenge is that many organizations lack the ability to understand the impacts that zero trust can have. Implementing least privilege policies and increasing identity context is risky if the rationale behind existing controls isn't well understood. Organizations need to overcome these uncertainties to improve their security posture.

Taking advantage of zero trust 

Putting the real benefits of zero trust to work has to involve building in visibility and trust throughout the full infrastructure stack. A piecemeal approach that stitches together a collection of controls is often too brittle to be operationally efficient and leaves the potential for too many gaps. Zero trust implementations require an integrated approach that can manage trust effectively, provide the visibility to understand the impacts of granular policies, and build in the automation to allow it to operate at speed and scale without crushing already strained security teams. By their nature, policies in a zero trust environment are more detailed and better integrated with identity systems. Comprehensive automation can smooth the transition from existing environments, as well.

Zero trust principles can bring the powerful improvement that so many have indicated they believe is possible. They can also be the means to effectively support new models of work and increase the ability of security teams to respond to new and more virulent threats. The ability to pull together greater context in ensuring that infrastructure foundations can be trusted to support business needs and that the right users have access to the secured workloads they need to be productive is a powerful incentive. Organizations just need to understand that to get to this “somewhere,” they need to consider their needs in greater detail and invest wisely.

Ready for more? Read the report "Why is Zero Trust Broken" from 451 Research.

Meet our Compute Experts guest blogger Eric Hanselman, Principal Research Analyst, 451 Research

Eric-Hanselman.pngEric coordinates industry analysis across 451’s broad portfolio of research disciplines, with an extensive, hands-on understanding of a range of subject areas, including information security, networks, and semiconductors and their intersection in areas such as SDN/NFV, 5G, and edge computing. He’s a member of the IEEE, a Certified Information Systems Security Professional (CISSP) and a VMware Certified Professional (VCP), and a frequent speaker at leading industry conferences. 

 

 


Compute Experts
Hewlett Packard Enterprise

twitter.com/hpe_compute
linkedin.com/showcase/hpe-servers-and-systems/
hpe.com/servers

Labels:
About the Author

ComputeExperts

Our team of Hewlett Packard Enterprise server experts helps you to dive deep into relevant infrastructure topics.

Top Kudoed Authors Last 30 Days
Author
Kudos
ComputeExperts Avatar
ComputeExperts
1
View all
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.