Reseach Director, Cybersecurity - Industry Analyst at IDC
Vendor
2022-01-06T21:00:30Z
Jan 6, 2022
Hey like the new name.
My Zero Trust Predictions are largely more of the same. It's a desired state, but it requires other IAM prerequisites before it should be attempted or proclaimed. I've described these as a three-legged stool before:
1 Passwordless
2 Least privileged access
3 Network segmentation/proxy
Passwordless is defined many ways and getting easier. Registration and hide the password is pretty popular, but there are true PKI-based alternatives. Why do you need it? So you aren't prompting/challenging people for every single and somewhat sensitive login. Know thy users (or the clever ones will develop work-arounds).
LPA is a refinement exercise best done given rolling averages of 30-day user activity or any other available insights that tracks resource usage by ID. Those not using shouldn't have access.
Network segmentation is a final step that's not really identity-centric. I believe the reverse proxy approach (aka BeyondCorp) makes a lot of sense, but there are other methods.
More often than not, security teams have the budget to do one, maybe two of the above running more than pilot projects in any one year. Wait a few years for the remaining funding and ZTNA might become the rule rather than the exception.
Find out what your peers are saying about ScienceSoft, Sygnia, Cyderes and others in Information Security and Risk Consulting Services. Updated: March 2025.
Access Management solutions ensure that only authorized individuals can access specific resources and data within an organization. These tools are essential for maintaining security and compliance by managing permissions and authentication processes effectively.
Access Management solutions provide comprehensive control over who can access organizational systems, applications, and data. Users appreciate that these solutions offer robust authentication methods, including multi-factor...
Hey like the new name.
My Zero Trust Predictions are largely more of the same. It's a desired state, but it requires other IAM prerequisites before it should be attempted or proclaimed. I've described these as a three-legged stool before:
1 Passwordless
2 Least privileged access
3 Network segmentation/proxy
Passwordless is defined many ways and getting easier. Registration and hide the password is pretty popular, but there are true PKI-based alternatives. Why do you need it? So you aren't prompting/challenging people for every single and somewhat sensitive login. Know thy users (or the clever ones will develop work-arounds).
LPA is a refinement exercise best done given rolling averages of 30-day user activity or any other available insights that tracks resource usage by ID. Those not using shouldn't have access.
Network segmentation is a final step that's not really identity-centric. I believe the reverse proxy approach (aka BeyondCorp) makes a lot of sense, but there are other methods.
More often than not, security teams have the budget to do one, maybe two of the above running more than pilot projects in any one year. Wait a few years for the remaining funding and ZTNA might become the rule rather than the exception.