Why siloed thinking could be undermining your zero trust strategy

Zero trust is becoming synonymous with secure cloud transformation, and for good reason. IT leaders are increasingly finding that legacy security infrastructure cannot keep pace with the nature of modern business. There are new threats, new ways of working, and greater demand for simplified user experiences all pointing to the need for a dramatic rethink around the concept of trust. The sheer scale of the cyber security challenge means businesses can no longer afford to give end users the benefit of the doubt – trust needs to be earned.

Although legacy security infrastructure, such as VPNs and firewalls, does a good job of verifying identity initially, users are then trusted implicitly. Unfortunately, many businesses are all too familiar with the damage that implicitly trusting devices based on IP addresses or login credentials can cause, rendering most security controls obsolete. This is something threat actors are becoming all too aware of.

Businesses are increasingly recognizing zero trust network access (ZTNA) as one of the most effective ways to achieve this rethink of trust. Zero trust effectively removes the element of trust across a network environment, with every connection request being considered a threat unless the user can prove they are trustworthy. Access is handled by granting resource permissions based on that verified identity, allowing businesses to uphold the principle of least privilege without having to trust that the user is who they say they are. With legacy technology, this approach to security would be impractical without imposing repeated identity checks on the end user and substantially degrading the user experience in the process. It’s no wonder then that the vast majority (90%) of IT leaders say they have either implemented or plan to implement zero trust network access within the next 12 months.

However, although awareness of the technology is high, the complexity associated with cloud transformation means many businesses are failing to fully realize the potential of ZTNA. 

Viewing security through a different lens

The fact remains that most businesses view ZTNA through the same lens as most cyber security controls: as a way to improve detection techniques and better protect sensitive data. This effectively silos zero trust to the IT and security departments, severely restricting its potential to transform operations more broadly.

According to Zscaler’s State of Zero Trust Transformation 2023 report, the vast majority of businesses cited improving threat detection (63%) and securing third-party remote access (44%) as their reasons for implementing ZTNA. Just 27% of businesses said they were implementing the technology to improve connectivity across their workforce, and only 24% said it was to reduce complexity and costs.

Data like this exposes the challenge that IT leaders face. Cyber security is no longer just about defending data against hackers but is now ingrained in the fabric of every business function. When fully utilized, approaches like zero trust provide a way for businesses to simplify their entire technology stack in a way that makes overall objectives more achievable. Security should, and absolutely can, play a major role in reducing expenditure and creating efficiencies.

Immediate cost savings

Zero trust is a modern approach to cyber security and as such it significantly reduces a business’s attack surface and the associated risk of a cyber attack. This naturally reduces the risk of subsequent financial penalties or costs associated with recovery efforts.

However, there are far more tangible benefits to zero trust that will produce savings almost immediately – provided approaches are allowed to spread across the entire organization.

ZTNA is one of the most effective approaches for enabling an agile workforce. By reducing reliance on legacy security technologies at the perimeter, which typically place greater restrictions on devices and remote access, employees are given greater freedom to work from where they want to, and how they want to. This gives organizations the opportunity to exploit the cost savings and business agility that hybrid or remote workforces create, while also removing the security concerns that typically undermine such approaches.

Making your business more efficient

Another, less apparent, benefit of embracing zero trust as an organization rather than as a siloed IT project is the visibility that it creates.

For example, organizations that have successfully woven zero trust throughout their business can see an inventory of their entire application estate, providing a far clearer picture of where risk can be further addressed, or where processes can be optimized. This isn’t simply confined to security-related data, as rich contextual data can give businesses ways to spot processing inefficiencies in legacy technology, or areas that could be ripe for innovation or automation.

Prioritize user experience

Perhaps the most noticeable benefit that a holistic zero trust approach creates is a streamlined user experience.

Business security has always represented a compromise between the need to keep data secure while also allowing users to engage with that data in a way that does not hamper their ability to work productively. The best security systems also tend to be the most difficult to interact with; multiple identity checks, exceptionally robust password rules, and time-limited access can all be incredibly frustrating for the end user.

Simply put, ZTNA allows businesses to prioritize user experience for the first time. It enables users to interact with protected systems without having to provide gargantuan passwords or verify their identity each time they return to the data. This is true regardless of how the user interacts with the resources they need. For example, providers such as Zscaler offer integrated solutions that fit every employee type, whether they are office-based or remote, offering the same seamless sign-in experience across a variety of platforms and devices.

The seamless experience made possible with ZTNA ultimately reduces security fatigue, giving employees more time and flexibility to access the data they need without fuss. Security checks feel less intrusive, less frequent, and no longer a barrier to getting work done.

Zero trust requires holistic thinking

Unfortunately, many businesses find it difficult to fully realize some of these benefits. By siloing this work to the IT department, the message is unable to permeate the board room.

It’s incumbent on IT leaders, particularly CIOs, to help show the full potential of zero trust in an organizational context, and to show that the true goal of zero trust is simply to eliminate infrastructure complexity, wherever that may be. Based on Zscaler’s recent data, it is clear that resistance to a holistic approach is common. However, whether it is reducing costs, shrinking admin work, or realigning hardware to better fit organizational objectives, every corner of an organization has the potential to thrive under a zero trust approach – not simply adapt to it.

ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.