Zero trust has transcended from being a mere industry buzzword to becoming a key facet in organizational approaches to digital transformation, according to Nathan Howe, VP of emerging technologies at Zscaler.
Zero trust is the gold standard. but there are many common pitfalls to avoid
Research from Zscaler shows that “most IT leaders already have a zero trust security strategy in place, or in planning”, yet fewer than one-quarter (22%) are confident of using it to its full potential.
This, the organization warns, shows that businesses need to “widen their lens” to unlock the full benefits of zero trust.
This security model now has far reaching applications, enabling firms to empower distributed workforces, tighten security, and provide vital insights into organizational efficiency
Unlocking the full potential of zero trust
Fundamentally, zero trust represents a paradigm shift away from virtual private network (VPN) and firewall-laden security practices, Howe says, which traditionally sees devices within an organization's network as being trustworthy. We’ve seen glaring issues in the long established ‘castle and moat’ approach in recent years, especially during the shift to remote and hybrid work practices with distributed workforces using devices in a range of locations.
Howe has been part of Zscaler for more than six years, first as director for transformation strateg, then as field CTO, director and head of transformation strategy, and, in 2021, he was apppinted vice president for emerging technologies and 5G.
Zero trust is to not be anchored in any one place, it’s about enabling [IT] functions anywhere
Meanwhile, the concept of zero trust centers firmly around the idea that no user can be trusted. Under this model, every user and device requires verification to access networks.
Visibility, in this context, is key for an organization implementing zero trust, enabling them to have full control over who accesses networks, and on which device they do so.
This model has been growing in popularity in recent years, with Gartner research showing it’s “top of mind for most organizations” and viewed as a key strategy to reduce cyber risk. By 2026, 10% of large enterprises will have what the consultancy describes as a “mature and measurable” zero trust program in place, up from less than 1% today. But enterprises, all too often, don’t fully understand the wide-reaching benefits, Howe says.
PowerEdge - Cyber resilient infrastructure for a Zero Trust world
Learn how to build your own zero trust architecture and discover the recommended tools that will help you get there.
“I think if a company can get to the point of understanding what zero trust is, then there are huge advantages,” he tells ITPro. “The advantage becomes extremely apparent in terms of no longer needing to think about what we can do in a networked world. I can do it anywhere.
“Zero trust is to not be anchored in any one place, it’s about enabling [IT] functions anywhere.”
Visibility across the enterprise is key
If implemented correctly, Howe says zero trust offers marked benefits to organizational visibility, and not just in a security context.
With many companies operating hybrid work practices, there’s scope for IT teams to maintain a solid grasp of network activity while delivering broader operational flexibility.
From pub-working to lockdown drills, these businesses are pushing hybrid work arrangements to the limit
The model also offers a “competitive advantage in the hiring cycle” for firms embracing zero trust due to the ability to maintain flexible, distributed workforces.
“There is the flexibility to be anywhere, and knowing that the work you do will be protected, secure, and ensure that you’re doing the right thing,” he says. “Because the information and insights zero trust provides is so granular, we’re able to apply controls and ensure that staff aren’t downloading bad things or files because you’ve got controls in place.”
Howe notes the network visibility afforded to organizations through zero trust allows them to “start making decisions about how to engage with employees based on where they are”.
In a hybrid work environment, for home-based staff, IT teams can monitor traffic and gain vital insights on risk tolerance. They know remote workers are secure, and can carry out their duties without added risks. For those in the office, the insights gained through working trends can deliver broader benefits in terms of basic office utilities, working practices, and even insights that deliver energy efficiency improvements.
Howe points to a banking customer that used network activity insights to reach out to customers more directly. The firm realized it doesn’t need branches and, instead, could bring employees to cusotomers directly to meet and interact with them. “I can go to them and it changes the dynamics of the business."
“So zero trust is not just a standard technological shift. But when a company properly looks at the benefits of those things, and what it actually enables, there are opportunities to rethink their own delivery of business as well.”
“You can start taking this information and granularity and apply it to the locations where you have offices. You can see how many people are on that site at any time accessing Salesforce, for example,” he explains.
“That insight gives you the ability to start making other business-related decisions, such as when you turn the power on or off, and other auxiliary aspects of the business because you see when people are there, you know they’re working. That granularity in zero trust has huge knock on effects, that we're only just scratching the surface on as an industry.”
At present, Howe says scores of businesses are “starting to think” about how zero trust can be applied more broadly and enable them to “be smarter” about how they distribute their workforces, glean insights into working patterns and productivity, and design office spaces.
Exploiting emerging opportunities
Generative AI has, for the best part of a year now, been the talk of the town across the global technology landscape. Looking ahead, Howe says the emergence of generative AI tools should be a cause for excitement in the zero trust space. This topic was a hotly-discussed topic at the firm’s Zenith Live conference in Berlin in late June, with the technology’s applications being touted as a potential game changer for zero trust.
Want to put AI to practical use today? We’ve rounded up some top business tools from image generation to summarizing documents
The sheer volume of data that passes through Zscaler’s security cloud every day – roughly 300 billion requests – means generative AI tools could play a key role in gleaning value from large quantities of data. In the long term, while this applied to security practices, there could be scope for closer integration of automated tools to further support digital transformation.
“I think we're at the tipping point where it's about to get really exciting with what we can do beyond just a normal enrichment platform,” Howe says. “Like, how can we help find more additional threats, have more refined authorizations, those sorts of things."
