Each day, security leaders read about how cybercriminals’ tactics are becoming ever more sophisticated. Deepfakes and AI-powered phishing scams deliver social engineering campaigns that are more convincing than ever. Bad actors conceal their malware with encryption, hiding their movements with the same tools used by organizations to preserve data security. In this landscape, the case for zero trust has never been higher.
In a recent survey of UK security leaders, almost half (47%) cited attaining zero trust as critical to security confidence, and more than 8 in 10 (85%) report having open conversations around zero trust at the board level. And yet, skepticism remains around how this can be achieved, with one third of respondents describing zero trust as ‘unattainable’.
The result is a tableau of cautious optimism. Although the majority of security professionals are embracing the tenets of zero trust, many remain aware of the complex journey that lies ahead of them. Channel partners have a critical opportunity to demonstrate their expertise and finally fulfill their customers’ security goals.
Understanding the necessity for zero trust
Since its inception in 2010, the zero trust model of ‘never trust, always verify’, has split opinion. After its initial reception as a revolutionary best practice, the complexity of implementing zero trust, complete with macroeconomic pressures, led many to see the model as an unattainable ‘buzzword’.
With zero trust being written into compliance policies, organizations are increasingly aware of the need to implement and demonstrate their zero trust infrastructure to stakeholders, investors, and partners. The question now is, how?
It’s a scenario akin to the cloud revolution that played out over the last two decades.
Organizations understood that the cloud presented cost savings, scalability, and efficiency, but laying out a strategy for cloud adoption and hybrid cloud security was far more than a tick box exercise. It required a mammoth digital transformation effort – one that many businesses are still adapting and enacting today.
Zero trust presents a similar journey, and there has always been a knowledge gap for end users around what zero trust truly is and how to achieve it. Except, unlike cloud, zero trust is not a market category, nor a segmentation. Instead, it is a way of thinking and structuring networks and protocols that can center around a number of authentication methodologies, from MFA and biometrics to device certification.
A zero trust network architecture means zero trust principles are built into the very network of an organization in order to be fool proof. This stack of complementary monitoring and security solutions, built to satisfy each organization’s specific risk register and appetite for friction, comes together to make zero trust a reality.
Just as the channel supported organizations with the cloud, partners are now essential to the success of zero trust as a mindset, guiding these strategies from start to finish.
Lighting the path
So how can channel vendors and partners alike support their end-users in achieving this vital and elusive framework?
True zero trust networks need to focus on three core pillars: deep observability, authentication, and segmentation. The first pillar is especially crucial for this exercise. No zero trust strategy can operate effectively so long as there are security blind spots for bad actors to exploit.
Many organizations overestimate the level of visibility that they have within their organization: 39% of UK organizations report having the visibility to support zero trust, and yet just 29% can decrypt and inspect encrypted traffic – a common vehicle for malware. True zero trust rests on a foundation of real-time, network-level visibility, and this includes monitoring east-west traffic for behavioral anomalies between sub-perimeters and insights into encrypted data in transit.
The recent push towards vendor specialization will be an asset for partners in this climate. With expert, in-depth knowledge, partners can map out stacks of effective and complementary products that can build out a zero trust architecture without requiring a massive technological overhaul.
If they aren’t already, channel partners need to start asking their vendors about their zero trust capabilities and compatibilities to ensure that they are meeting their customers’ true goals and displaying their expertise to inspire confidence. For vendors, embracing ‘coopetition’ could facilitate a smoother zero trust journey, in which customers are offered best-of-breed capabilities without being limited by incompatible solutions.
Restoring faith in zero trust
For the partners equipped to support their end users’ zero trust journeys, customers’ ambitions spell an opportunity to grow revenue whilst nurturing end users and vendors alike. With consolidation at the forefront of all levels of the channel, successfully tailoring IT advisories and implementations to customers’ needs can not only reduce risk but also security spend. At a time when skepticism is high and budgets are tentative, this is an invaluable way to build trust with customers.
Consolidate to simplify application security: Why this is a business imperative
Zero trust is an area of ambition at best and a topic of deep uncertainty at worst, but the delay between zero trust becoming mainstream as a concept and its widespread, real-world adoption is an indicator that businesses need support and guidance. As IT infrastructure experts, channel partners who hone in on bridging this gap will be able to foster even greater trust, demonstrate their understanding of complex implementations, and ensure a baseline of security confidence for their customers.
