When April Fool’s Day comes around each year, it’s human nature to be a little more on-edge than usual. Your guard is up, and you can’t completely trust anyone (even your closest friends and family). So, for the whole day, you take extra precautions, carefully opening the present your friend just “wanted to drop by,” and not believing there’s “cake in the break room” until it’s fact checked. While it’s fun to dedicate one day per year to April Fool’s Day, organizations of all industries must take these precautions… every day of the year. Cyber criminals are looking for a way to break through security defenses 24/7/365, so organizations must also remain on the clock, working to protect their most critical assets. But when it comes to cyberattacks and protecting your data, the stakes are much higher than whether the cake in the break room is real or not.
It’s easy to want to trust those around you – and the majority of people (I believe) do have good intentions for the most part! But, unfortunately, the increasing complexity of enterprise environments, coupled with the evolution of the threat landscape means that organizations must be much more judicious in how they assess trust. For this reason, many have begun to implement principles in support of a zero trust security strategy. Zero trust is exactly as it sounds – organizations should not inherently trust any user, device, or entity. Instead, they should function as if cyber criminals already have access to the corporate network and resources. While in the past, security may have been focused on establishing a defined perimeter inside which trust was inherently assumed, zero trust today requires an all-encompassing approach to continually evaluate, authorize, and authenticate every network transaction based on the risk it poses.
ESG research revealed that 36% of survey respondents’ organizations experienced probing ransomware attacks on at least a monthly basis over the past 12 months. Many organizations experience these daily. So what are organizations doing about this? 82% of surveyed organizations planned to increase spending on technologies, services, and personnel supporting zero trust in the next 12-18 months, and for those who had already adopted zero trust strategies, 84% believed them to be successful. This is clearly an area of an investment for organizations, and it seems to be paying off for the earlier adopters.
While it may be difficult to trust others when it comes to cybersecurity and cyber-attacks, the objective of ESG Validation reports is to provide an independent, trustworthy perspective of solutions so that IT decision makers can make better business decisions and find the best solutions for their needs. Check out these recent zero trust-related validation reports: Arista Multi-Domain Segmentation Services, CrowdStrike Falcon Identity Protection, Google BeyondCorp Enterprise.
Enterprise Strategy Group (ESG) is an IT analyst, research, validation, and strategy firm that gives the global IT community access to market intelligence and actionable insight. The Validation Team creates assets such as Validation reports, videos, webinars, and more, that help to communicate the technological and economic value of IT products and solutions.