The Zero Trust model of security, which takes the approach that no users or devices are to be trusted without continuous verification, is becoming increasingly popular as organisations battle the escalating risk of cybercrime.
Research from leading deep observability company Gigamon found that 70% of IT leaders agree that Zero Trust would enhance their IT strategy. And the latest survey from the Cloud Security Alliance (CSA) finds that 8 in 10 C-level executives have Zero Trust as a priority for their organisations, 94% are in the process of implementing strategies, and 77% are increasing their spend on it over the next 12 months.
In fact, research firm Markets and Markets projects that the global zero trust security market will grow from US$19.6bn in 2020 to US$51.6bn by 2026.
Growing frequency of sophisticated cyberattacks main driver for growth
The main driver for the accelerated growth and adoption of Zero Trust is the growing frequency of target-based cyberattacks. SecOps teams are championing this 'trust no-one' strategy to support the fight against the escalating risk of cybercrime, and in helping to monitor threat actors across their network.
This approach to cybersecurity removes the implicit trust often given to internal traffic within a network. This security-first mindset also benefits business efficiency, with 87% of IT teams believing that productivity has increased since the start of their Zero Trust journey, as systems run faster and downtime is reduced due to fewer breaches.
However, the threatscape is evolving. Ransomware now represents one of the biggest threats to businesses across the world and many are falling victim. This type of malware surged by 82% in 2021 and it shows no signs of stopping, especially as more than three-quarters of British firms which have been victims of ransomware attacks reportedly paid the hackers to retrieve their data.
So, can Zero Trust Architecture (ZTA) help organisations protect themselves from one of the biggest threats in today's cyber landscape?
What does Zero Trust mean in today’s world?
Ian Farquhar, Field CTO of Gigamon, which was the first company to deliver unified network visibility and analytics on all data-in-transit, says that when putting trust into something, we should always have a rational reason for doing so. However, this has not always been the case in IT. Instead, for years IT teams have used approximations for trustability, often because mechanisms to support trust measurement were not practical in the past. This could be because an organisation owns a system, if a user is an employee, or if the network has previously been secure.
Yet, these are not actual trustability measurements, explains Farquhar, they are instead gross approximations often based on assumptions. “When that trust assumption fails, risk is introduced. And when a threat actor recognises those assumptions are part of an organisation's security strategy, they can use them to evade network controls and cause problems for cybersecurity.”
Zero trust changes this. It dynamically measures whether something is trustworthy by analysing how it works and assessing whether an organisation has a rational basis for trusting it and allowing the connection. This is not only the case for entire systems, but also for individual devices, security mechanisms and users.
“Given the prominence of BYOD policies and remote working, it is essential that trust is earned rather than given freely, and all users should be considered threats until proven otherwise,” says Farquhar. “In a world where the workforce has shifted significantly to a ‘work anywhere, work anytime’ model, embracing a ZTA simply makes sense.”
By introducing micro-segmentation – which separates data, assets and applications and represents a key pillar to ZTA – organisations can stop one compromised device becoming an entirely disrupted network.
Farquhar points to the Las Vegas casino incident in which the casino was hacked through its IoT thermometer in an aquarium in the foyer. From here, the attacker was able to access the casino's entire network.
How can businesses protect themselves from this level of threat? And especially so in an era when IoT is expanding, and adversaries are using more innovative tactics and techniques to breach systems.
Ransomware and deep observability – clear view across all data in motion
The cornerstone of ZTA is visibility. A clear view across all data in motion – from the cloud to the core – means IT teams can best understand any threat to their network. From here they can authorise safe activity, as well as detect undesirable application behaviour and analyse the metadata that will detail the origin and movement of an attack.
In other words, you cannot protect against what you cannot see. “The deeper the level of observability into a network, the more insight an IT team can gather and then action to improve their entire security posture,” says Farquhar, adding that this is actually explicitly required by NIST SP 800-207, the gold standard of zero trust.
The very nature of ZTA is deep and thorough inspection of all users and all data, including encrypted traffic. With this architecture and micro-segmentation in place, it will also stop cybercriminals moving laterally within a network – meaning adversaries looking to traverse an IT infrastructure and deploy ransomware across more critical data will be unable to do so.
“Over recent years, cybercriminals have become far more savvy in how they deploy this kind of malware. An attack in today's climate will typically be carefully considered and strategically targeted against known vulnerable organisations that store critical data. It is also common for bad actors to penetrate a network and lay dormant for months at a time.”
Visibility is central in the fight against ransomware; by eradicating blind spots across the network, adversaries will no longer be able to exist on a network undetected. With Zero Trust and deeper observability into all data, criminal dwell time can be cut dramatically from the current average of 285 days.
Farquhar says it’s important to remember that Zero Trust is not the singular silver bullet to ransomware protection, however. But paired with visibility, it is essential for bolstering a company's cyber posture.
Gigamon serves more than 4,000 customers worldwide, including over 80% of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organisations worldwide.