The Ongoing Shift to Zero Trust

Last week, Zscaler released the findings of its annual VPN Risk Report, which revealed a growing number of VPN-induced security threats facing enterprises today. Based on a survey of hundreds of IT and cybersecurity professionals, the report highlights several aspects that organizations need to consider in order to protect themselves against escalating threats and vulnerabilities. 

The survey found that 65% of companies are considering adopting VPN alternatives, which is in line with what I’m hearing in my conversations with CXOs. The topic of Zero Trust always comes up in those discussions since firewalls and VPNs, by virtue of their antiquated architecture, connect users to the network which gives bad actors the ability to move laterally, enabling them to compromise high-value targets and potentially hold data hostage. Once you put users on the network, you’ve lost the ability to maintain a Zero Trust environment.

I would also urge organizations to do their due diligence when evaluating Zero Trust security solutions - ask the tough questions, get the vendor to “show, not tell,” and really drill down in order to get the answers you deserve. Many legacy firewall and VPN vendors claim to deliver Zero Trust, but their security foundation was built on 30-year-old firewall technology, which is no longer sufficient to protect today’s mobile, highly distributed, cloud-first organizations. The only way to truly enforce Zero Trust is by using a proxy architecture combined with strict business policies to connect users directly to applications - not to the network - thus eliminating lateral threat movement.

While the report’s findings highlight cybersecurity professionals’ awareness of the risk of relying on VPNs for remote access - 71% of companies are concerned that VPNs may jeopardize the ability to keep their IT environments secure - the reality is that legacy mindset and approaches will take time to change. However, given enterprises’ continued shift to hybrid and remote working models, the growing volume and evolving nature of threats, and employees’ expectation of securely connecting anytime, anywhere on any device, the case for adopting a holistic Zero Trust approach gets stronger every day. In fact, 80% of companies surveyed reported that adopting a Zero Trust model is a priority for them - an increase of 8% since last year’s report - and I predict that this number will continue to climb.

To see more findings from the report, please read the CSO Magazine article, the press release, or access the report here. For more information on how to implement Zero Trust as a guiding principle for building a secure network, please download the e-book, Seven Elements of Highly Successful Zero Trust Architecture.