sb-eu logo
Story image

The five business benefits of a zero trust approach to security

19 Aug 2020

Article by Forescout senior director of system engineering for Asia Pacific & Japan, Steve Hunter.

The traditional working environment of being confined to a desk in a central location evolved to accommodate remote work more than two decades before COVID-19. 

But since the pandemic, remote work has become common practice for more employees. The new digital workplace means that employees are accessing the corporate network via their home internet or public Wi-Fi, and often using their own devices to do so. 

Security protocols must evolve with this change as traditional virtual private network (VPN) solutions can grant too much access and result in an increased attack surface that puts organisations at risk.

COVID-19 has increased the threat landscape, with more targeted attacks on organisations from cybercriminals and nation-state groups. As well as remote work, the Internet of Things (IoT), operational technology (OT), and network-enabled smart devices introduce areas of potential compromise for enterprise networks. 

Businesses must consider the organisational risk of their IT environment, shadow IT, mobile, social and third-party platforms. Security architects need to re-examine the concept of identity in their organisation, with many now turning to a zero trust security model to protect sensitive resources.  

Zero trust directly addresses the security challenges that have been amplified by the digital workplace, by applying the concept of ‘never trust; always verify’. 

Zero trust reduces a company’s attack surface by assuming that anything with access to their data is a potential threat, including users, devices, virtual infrastructure and cloud assets.  

As businesses move away from managing corporate applications and networks on-premise, the level of direct management control is reduced. Zero trust requires everything to be verified before a user accesses corporate data. 

To achieve this, everything in the digital world must have an identity, including people, devices, channels, and hosting models. Gaining a full understanding of all IoT and OT systems on the network lets businesses make context-based segmentation decisions to reduce risk without overly impacting availability.

Here are five business benefits of zero trust:

Improves visibility

Visibility is essential in managing and controlling everything on the network. A zero trust strategy aims to discover and classify all devices on the network, not just those that are operational or with endpoint agents installed.

Reduces CAPEX and OPEX

Improved security outcomes are often associated with increased cost and difficulty, known as ‘expense in-depth’. 

A zero trust approach lets businesses consolidate multiple security controls across the network, reducing overall capital expenditure (CAPEX) and operating expenses (OPEX). 

Additionally, zero trust further reduces OPEX by simplifying security management through reducing the number of management consoles the network needs.

Reduces scope and cost of compliance

Zero trust networks are inherently segmented, therefore reducing the scope of regulations and compliance audits. This is because only the required network segment is in scope for regulations once it has been segmented. 

A segmented network makes auditing less complicated and reduces the overall cost of compliance.

Supports more cohesive IT issue resolution

IT specialists across networks, operations, storage and security each have their own unique set of priorities.

When incidents such as network outages occur, the inherent visibility and transparency that zero trust networks afford helps IT specialists work more cohesively to resolve the issue. This helps the organisation recover more quickly, reducing the time and cost associated with network downtime.

Enables digital business transformation

The segmented reality of a zero trust network means that security teams can support the introduction of new services with the necessary privileges and data protection, without hindering existing business and employee productivity. 

This means IT teams can confidently increase the adoption of IoT devices as zero trust reduces the IoT attack service.

The workforce is digital. Security and risk professionals must rethink the concept of identity and should expand their zero trust initiatives to include all devices to provide maximum visibility, leading to improved operational control and network security. 

However, businesses looking to adopt a zero trust approach should do so in phases to reduce business disruption during this process.

Story image
Spending on managed security services in A/NZ to grow despite COVID headwinds
COVID-19 has changed security priorities significantly, and managed security services in A/NZ are set to benefit. More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
75% of IT execs 'worried' about being targeted in cyber-attack
A new report from ConnectWise has shed light on the widespread concern about cyber-attacks, with 91% of SMB executives considering a move to an MSP if it provided the 'right' solution.More
Story image
Kaspersky releases new report on consumer’s approach to digital services
COVID-19 related restrictions and the necessity to stay indoors has influenced the way people approach digital services, making them more aware of how securely both they, and their housemates, use the internet.More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Strong cybersecurity posture crucial for company success - Fortinet
"They should also conduct due diligence to ensure partners aren’t inadvertently creating vulnerabilities with insufficient cybersecurity measures."More