<p>Most organizations have embraced zero trust, but many are early in their adoption journey. Yet with the rising volume, velocity and sophistication of attacks, security teams are under pressure to accelerate those journeys.</p>
<p>”We’re definitely seeing higher rates of adoption today than one or two years ago,” said Jimmy Nilsson, vice president of professional services at Kyndryl, a security consulting firm.</p>
<p>Zscaler’s ThreatLabz 2026 VPN Risk Report found that 84% of surveyed organizations had or were planning to implement a zero trust, up from 81% the prior year and 78% the year before that.</p>
<p>Those figures, however, tell only part of the story. Researchers, security advisers and others in the field say enterprise security teams have just begun to take advantage of what zero trust can do to counter the many threats they face.</p>
<p>Let’s examine what zero trust is capable of and the specific uses cases where it can be put to work.</p>
<section class=”section main-article-chapter” data-menu-title=”Zero-trust’s capabilities”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Zero-trust’s capabilities</h2>
<p>Cybersecurity professionals view <a href=”https://www.techtarget.com/searchsecurity/definition/zero-trust-model-zero-trust-network”>zero trust</a> as an approach, a framework, a philosophy and a security model. Mike Monday, managing director of security and privacy at global business consulting firm Protiviti, called it an “engineering strategy.”</p>
<p>Zero trust is built on the idea that no user, device, system, workload or network segment — even if it sits within an enterprise perimeter — should be inherently trusted. Instead, the zero-trust security model requires entities to be authenticated and verified before they can access resources. Every access request must be authenticated, authorized and continuously validated based on identity, device health, context and risk signals.</p>
<p>”That whole authentication has to happen through that end-to-end process,” Monday explained.</p>
<p>By removing inherent trust and adding authentication requirements and continuous validation, zero trust helps ensure that only authorized, authenticated entities are permitted access to an organization’s IT environment and the data it holds. It also helps contain entities that do gain access, such as threat actors, by preventing unauthorized entities from moving freely throughout the environment.</p>
<p>John Kindervag <a href=”https://www.techtarget.com/whatis/feature/History-and-evolution-of-zero-trust-security”>introduced the zero-trust security model</a> in 2010 while he was an analyst at Forrester Research. He and other early advocates championed zero trust as a necessary replacement for the traditional castle-and-moat security model, which by default extends trust to anything within the corporate environment. Such a hard-perimeter, soft-interior model relies on firewalls. In an era when cloud computing and other technologies were quickly eliminating the perimeter, <a href=”https://www.techtarget.com/searchsecurity/tip/Perimeter-security-vs-zero-trust-Its-time-to-make-the-move”>this approach provided inadequate protection</a> against threat actors.</p>
<p>A zero-trust environment requires a combination of security technologies and IT architecture patterns and principles. These technologies include identity and access management, <a href=”https://www.techtarget.com/searchsecurity/definition/multifactor-authentication-MFA”>MFA</a>, zero trust network access (<a href=”https://www.techtarget.com/searchnetworking/tip/The-basics-of-zero-trust-network-access-explained”>ZTNA</a>) and endpoint detection and response tools. Key enabling IT architectures include microsegmentation and microperimeters.</p>
<p>”Zero trust is a journey. It’s a way of leveraging various technologies to address a specific problem, which is securing networks and securing data,” said Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”Key use cases for zero trust”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Key use cases for zero trust</h2>
<p>An organization can apply zero-trust principles in a variety of ways. Key use cases include the following:</p>
<ul type=”disc” class=”default-list”>
<li><b>Employees working on-site</b><b>.</b> Zero trust ensures on-site workers access only the systems and data necessary to perform their jobs at the time they need that access. This limits the <a href=”https://www.techtarget.com/searchsecurity/tip/Five-common-insider-thre
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: