Zero Trust Cybersecurity Poses Challenges, Raises Questions for Organizations
Zero trust cybersecurity is a practice, not a philosophy.
![Zero trust security Zero trust security](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltc48c484a6652b7e6/65243b994bd887d2287eca1e/Zero-trust-security.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
ThreatProtector’s Carl Katz said his company is finding a great need for zero trust security, and it’s seeking a vendor that provides it.
“At the end of the day, with the virtualized world, and everybody looking for a new VPN and new single sign-on type of techniques to prevent breaches, zero trust is absolutely necessary in every environment,” he said. “I’ve been doing due diligence from a consumer perspective, mostly because I’m looking for that vendor to top off our stack. And there’s a few companies that do it right.”
Check Point’s Frank Rauch said his company is a big fan of zero trust, but “it’s interesting because some of the companies we’ve talked to seem to think it’s a philosophy.”
“Well, it’s not a philosophy, it’s a practice,” he said. “So unless you had the right governance, unless you had the right model and you have a way to manage it, you can say it all day long, but it’s not really zero trust. It’s like 50% trust or 75% trust or something like that. So we’re a big believer in it, and we try to not sell it, but educate people on the value of it.”
Lumen‘s Bryn Norton said the first piece of zero trust security is about process, people, controls and technology, “and from our minds that’s what we’re trying to do.”
“And I’m going to keep going back to vendor inclusive and not just because I want to be a neutral guy,” he said. “It’s just generally the best approach because the security marketplace is so crowded. So I’m not going to become the world’s best managed service provider, but what I can do is give customers secure edge nodes across the globe where they can start setting their zero trust policy. And I can help them ingress and egress data into that environment, and allow it to move around in a secure manner. So again, that’s how we’re beginning to look at zero trust, and it leads into secure access service edge (SASE) and these descriptive words come together. But fundamentally, it’s about that control and movement of information, as that’s what we’re leaning into.”
Cybereason’s Abigail Maines said her company has made some acquisitions recently as well to augment its extended detection and response (XDR) capabilities, “which I think starts to go in that direction [zero trust] because from an endpoint perspective, that allows us to have cloud and network metadata.”
“We recently acquired empow and that provides us with some of those out-of-the-box integrations,” she said.
Secureworks‘ Maureen Perelli said XDR and having one single framework help initiate zero trust security.
“We saw this was clear five years ago, that customers had all these disparate security solutions, and it’s about being able to pull them together on the XDR platform,” she said. “I liken the platform at SecureWorks … to just like a phone. It’s going to continue to be added on with a lot of what your capabilities can do with your phone right now as your credit card, your GPS and your new camera. XDR is going to do the same. They’re going to combine it into one platform to make it easier to manage everything.”
When it comes to zero trust, “either you’re doing it or not doing it,” Rauch said.
“And once they get in, what’s your next layer and your next layer, and your next layer,” he said. “And that’s what zero trust does. So I think it’s a component of security. I don’t think it is security.”
Norton said if you don’t understand where your data is, talking about zero trust is a waste of time anyway because “what are you protecting?”
When it comes to zero trust, “either you’re doing it or not doing it,” Rauch said.
“And once they get in, what’s your next layer and your next layer, and your next layer,” he said. “And that’s what zero trust does. So I think it’s a component of security. I don’t think it is security.”
Norton said if you don’t understand where your data is, talking about zero trust is a waste of time anyway because “what are you protecting?”
A growing number of organizations are turning to zero trust cybersecurity to help protect them from damaging, costly cyberattacks. But what exactly does zero trust mean?
Zero trust cybersecurity is a strategic initiative that helps prevent successful data breaches by eliminating the concept of trust from an organization’s network architecture.
At our recent Channel Partners Conference & Expo, we conducted roundtables with channel experts addressing hot topics in areas such as cybersecurity, cloud and MSPs.
Zero trust cybersecurity was among hot topics addressed during our roundtable with cybersecurity experts.
Panelists included:
Maureen Perelli, Secureworks‘ senior vice president and chief channel officer.
Carl Katz, ThreatProtector Cybersecurity Advisors‘ senior vice president of worldwide partner sales.
Frank Rauch, Check Point Software Technologies‘ head of worldwide channel sales.
Abigail Maines, Cybereason‘s vice president of commercial and channel sales for North America.
Bryn Norton, Lumen Technologies‘ vice president of platform and IT solutions.
Katz said zero trust is necessary in every environment, while Norton said if you don’t understand where your data is, “all of this is a waste of time.”
Scroll through our slideshow above for highlights from this roundtable.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like