What are the 5 myths about the Zero Trust approach that can prevent it from being adopted?
As we all realize, we now live in one digital time. Everything is done with the help of internet and young people technologies. For this reason, cyberattacks are now a daily occurrence. Research has shown that global spending on IT products and software services security go beyond them 124 billions of dollars.
Nowadays, many companies are utilizing new technologies such as cloud services to store sensitive information electronically. However, this practice increases the chances of a breach data.
Breaking corporate systems is now a very easy process. In the past, we thought they needed sophistication techniques but the acquisition of credentials one employee is enough to gain access to the whole network of a company.
Once accessed, hackers spread to all systems and steal as much data as possible. Doing so can cause huge financial losses victims.
A recent Centrify study showed that at 74% of the organizations that have received such an attack, their access hackers achieved through stolen credentials. Earlier, Forrester Research had concluded that 80% of data breaches were linked to stolen credentials.
2010, John Kindervag created, thanks to Forrester's collaboration with the National Institute of Standards and Technology, Zero Trust security approach. The Zero Trust approach is regarded as "Antidote" to the fight against violations of data started with stolen credentials.
In essence, this approach requires them users to have "Zero confidence" (as her name says). That is do not trust anyone and require authorization for anyone; or device trying to connect to the company network.
However, some are circulating μύθοι around the Zero Trust approach, which prevent many Companies to adopt it:
Myth 1: The Approach Zero Trust creates distrust within organizations
Nowadays, all employees of a company (and not just IT staff) are responsible for system security. His threats cyberspace they are many. Therefore, everyone should be on guard and they all need to be controlled.
The first myth says that this approach creates distrust, as it shows that there should be no confidence in employees. In contrast, Zero Trust enhances confidence and it prevents hackers from exploiting security gaps that result from blind trust.
The Zero Trust approach is based on the idea that the entire company network can be dangerous, including its users, whether they are internal or external users. Anyone has access the network must be controlled.
Thanks to this extra level of security, users can access even more important parts of the network because all of these controls boost trust and ensure that it is secure access.
Myth 2: The Zero Trust approach focuses only on network segmentation
The Zero Trust approach does indeed focus on networks, but in recent years it has evolved into a integrated security solution, which takes into account many factors.
In recent years the Zero Trust has evolved into a practical guide that includes the most up-to-date threats and data and does not focus solely on network segmentation. Now, she deals with:
- Networks
- Workloads
- Data
- Appliances
- Identity (People)
Myth 3: The Zero Trust strategy is now of less quality
As we said above, this approach made its appearance in 2010. Although it offered a new method of preventing cyberattacks, it did not receive much response.
However, lately more and more analysts recognize its value and recommend it through their various publications.
Many large companies have adopted the Zero Trust approach and believe it is too much auxiliary.
Myth 4: The Zero Trust approach destroys the user experience
Many companies fear that the adoption of strict control and security measures could adversely affect productivity of users.
However, this is not the case. Authentication-based security strategies such as Zero Trust bring benefits to users. In combination with mechanical learning, users can access the network quickly and safely, creating one more positive experience.
Myth 5: The Zero Trust approach is not practical
Many believe that this ongoing scrutiny, required by the Zero Trust, is impractical and that productivity in an organization is reduced.
In fact, however, access is not impeded, but enhanced. In addition, an assessment of the risk posed by a user shall be carried out, together with the verification and implementation of the specified security measures for the request made.
Conclusion
Cyber security is one of the most important issues that organizations should and should be concerned about. She is necessary the adoption of security measures that will effectively prevent a potential attack.
The Zero Trust approach is one modern approach, which prevents hackers from breaching corporate networks through stolen credentials.
Source: secnews.gr
