Unrelenting increases in cyberattacks makes it clear that traditional approaches to IT security are insufficient, and that organizations need to make a radical shift to zero trust security architectures to protect valuable systems, networks, and data from cyber threats.
During Dell Technologies World in Las Vegas, David Schwarzbach – global marketing senior manager for Dell Security at Dell Technologies – said that yesterday’s brick-and-mortar security paradigm does not properly protect organizations against expanding cyber threats.
“A cohesive security operation that protects every segment of an organization falls entirely on that organization,” Schwarzbach said. When “using a zero trust [framework] at an organization, the goals are to turn security anxiety into security confidence,” he said.
Zero trust is a security framework that requires all users – within or outside an organization’s network – to be authenticated, authorized, and continuously validated before being granted access to applications and data.
“What zero trust is not; it’s not the latest threat management technology. It’s not a single product that can be bought and installed. It’s not a patchwork of siloed security applications. It’s not the panacea for all things IT security,” he said.
Schwarzbach explained that zero trust is a journey where security measures organizations continuously develop, invest in, and engineer with trusted partners.
“[That] journey is also not the same for all organizations. Some organizations may have existing cybersecurity investments that align with zero trust goals. While others may have a less linear pathway to accomplish their zero trust goals,” Schwarzbach said.
In that journey to a holistic and proactive approach to security, organizations can unify and automate policies, technologies, and processes to mature their cybersecurity postures by managing cybersecurity risks, reducing the attack surface, and shifting to a proactive mindset.
During this journey, however, some barriers could interfere with implementing a zero trust framework, including a disorganized technology framework, complexity, siloed organization, lack of technical specification, and overwhelming integration burden.
According to Schwarzbach, there are two overarching pathways to implementing a zero trust architecture into an organization – implementing validated solutions, or evolving current security protocols. When selecting which path best aligns with an organization’s security and operational necessities, Schwarzbach suggested six elements to take into consideration:
- Cost of Lifecycle Management;
- Speed of Deployment;
- Operational Distribution;
- Implementation Costs;
- Possible Integration Burden; and
- Installed Base.
“Whichever path an organization chooses, the ultimate destination is to activate all those zero trust principles because simply having those principles is not enough. They have to integrate into a zero trust framework,” Schwarzbach said.