Expert insight: Can we predict the future of zero trust?
SHI and SentinelOne join forces to assess zero trust’s maturity and future in part three of Brad Bowers’ interview with Milad Aslaner.
By leveraging zero trust and its guiding principle of “never trust, always verify,” your organization can eliminate the default trust relationships that so many modern attacks depend upon. But without expert guidance, navigating the zero trust landscape can be overwhelming.
Luckily, SHI and SentinelOne are here to help.
In our first interview with SHI’s Global Field CISO, Brad Bowers, and SentinelOne’s Head of Technology Advisory Group, Milad Aslaner, we explored the ways zero trust:
- Resolves organizations’ cloud challenges
- Improves user experiences
- Protects against ransomware
Then, Brad and Milad outlined the components of zero trust and how your organization can build an effective zero trust strategy.
In the final part of this exclusive interview series, Brad and Milad draw from their decades of cybersecurity experience to reflect on the current state of zero trust and predict the future of this stalwart security methodology.
The state of today’s zero trust landscape
When building a zero trust solution stack, organizations often struggle to balance industry trends with solutions that have storied success. Organizations need technology guaranteed to help them secure their data, users, and devices while still achieving their goals.
How can organizations confidently navigate the wide breadth of solutions that make up today’s zero trust landscape?
Milad Aslaner: The cybersecurity industry can be overwhelming for security practitioners and decision-making executives. When trying to dissect use cases for prospective solutions, organizations are often bombarded by vendor lingo, marketing, and buzzwords.
Unfortunately, when it comes to zero trust, many technology vendors and service providers often make bold claims about their solutions that tend to fall apart in practice.
Most of the time, these companies don’t have a holistic view of your environment – they’re only thinking about their services or their solutions. If you ask a Zero Trust Network Access (ZTNA) vendor, they’ll say ZTNA is the critical piece you’re missing for zero trust. If you ask an Identity and Access Management (IAM) vendor, they’ll say privileged identity management (PIM) or conditional access is critical to achieving a zero trust security model. And the same goes on and on, across the spectrum of service and solution vendors.
These solutions are obviously components of zero trust, but you can’t depend on brand marketing that tells you their product is the keystone to your zero trust strategy. A trusted strategic partner can help reduce the noise by acting as your security advisors. Your partner can have a deeply intimate idea of your environment. With them by your side, you can make informed, data-driven recommendations based on your current landscape and future goals.
You can also refer to guidance from the National Cyber Security Centre (NCSC) and other similar agencies. They step away from all the marketing and provide an honest, expert opinion on where these different solutions can fit into your zero trust strategy.
Brad Bowers: I’m right with you, Milad. Zero trust is still maturing – not only from a technology perspective, but also in terms of the methodology, workflows, policies, and processes that make those technologies more effective and beneficial.
I also agree it’s important to take a step back from all the marketing and get an informed perspective on the solutions you may need. When SHI works with organizations, we help focus on the real results these solutions can deliver, answering important questions such as:
- What will this technology bring to the table?
- How will your existing solutions work with this new technology?
- Will this technology contribute to a holistic zero trust strategy?
As I mentioned in our second interview, there’s no single piece of the puzzle or silver bullet for zero trust. It’s a journey and a methodology. And when all those pieces come together, the result will look different for every type of organization.
Is zero trust mature enough to support your organization?
You mentioned zero trust’s maturity – when SHI helps organizations through their zero trust journey, it’s common for customers to question the maturity of certain solutions within the methodology.
Are the components that make up zero trust mature enough to support organizations of all sizes?
MA: Many solutions in today’s zero trust methodology are geared toward enterprise and large government agencies, especially those with larger security teams and an existing security management partner.
Unfortunately, this often excludes smaller organizations, even though these groups – such as local governments and small-medium businesses (SMBs) – are incredibly important.
The opportunity exists for the industry to better understand the needs of the SMB space. SMBs need solutions that don’t require loads of human intervention to operate, because they often don’t have the capacity to handle tons of manual processes. The person configuring security policies is often the same person manually installing Windows and managing their email server. Expecting that person to also take on a zero trust transformation is a bit of a stretch.
Going back to the idea of service providers and technology vendors, services can often make SMBs’ lives easier by offloading management responsibilities. From a technology perspective, smaller organizations can leverage things like artificial intelligence (AI) and machine learning (ML) to automate most of their manual processes.
BB: In my experience, large organizations are much more likely to pursue zero trust than their smaller counterparts. In my opinion, this is because of some misconceptions. When SHI discusses zero trust with smaller organizations, they often want to pursue a zero trust strategy but have concerns about their budget and team size, as well as the complexity of doing so.
When we work through these concerns, we find they often stem from simple confusion about what’s actually needed to achieve a zero trust methodology – commonly from, to quote Milad, a “bombardment of lingo, marketing, and buzzwords.” While zero trust technology solutions and best practices are still maturing, implementation models exist for organizations of all sizes.
I also agree with Milad that automation is a key to success for smaller organizations. Automation can help smaller security teams succeed in doing what they need to do while easing the weight of all the hats they have to wear.
What is the future of zero trust?
Zero trust brings so much security value – from improving user experiences to easing challenges in the cloud and accelerating digital transformation. Looking forward, what do you both see as the future of zero trust, regarding both the maturity of its component solutions and how organizations can leverage it?
MA: Today, when organizations mature, they move from perimeter-based security into zero trust. In the future, as zero trust becomes more common, I think we’ll see threat actors shift how they attempt to attack organizations. Modern attacks often rely on existing trust relationships between an organization and its entities. With zero trust, that relationship’s no longer there by default. Therefore, their methods of attack will need to change.
Cybersecurity is a never-ending game of cat and mouse. Our transition to zero trust has in many ways been a response to attacks on legacy security models. Once attacks evolve in response to zero trust, we’ll need to likewise evolve our security practices.
That’s why, when I think of the future, it’s clear we need to embrace change. Attacks evolve. Detection methodologies change. We need to embrace that change and leverage new technologies, capabilities, processes, and teams to ensure our organizations are equipped to thwart future threats.
BB: Within ten years, I think we’ll see zero trust become the standard for organizations across the board. We’ll see solutions and vendors continually improve how well they play together, and they’ll build a common language that’ll help organizations not only understand the solutions at play, but also quickly acknowledge and respond to novel threats.
And as Milad said, I also believe malicious actors will try to change and pivot their techniques in response to zero trust, because their legacy ransomware and spray-and-pray attacks will no longer be effective.
It’s certainly going to be a fun time to be in cybersecurity; it’ll be interesting to see how things change.
Are you ready to start your zero trust transformation?
Don’t let your legacy security model expose your environment to bad actors. By leveraging a modern zero trust methodology, you can eliminate the default trust relationships that most attacks depend on – keeping your hybrid workers and mission-critical data safe.
With an effective zero trust model in place, you can:
- Automate time-sensitive and labor-intensive processes
- Gain valuable visibility into your threat landscape
- Detect and respond to threats faster than ever
- And so much more
And with a trusted partner guiding you, you can rise above the marketing hubbub to create a holistic solution strategy that’s right-sized for today and scalable for tomorrow.
For more valuable zero trust insight, read the rest of our exclusive interview with cybersecurity experts Brad Bowers and Milad Aslaner:
Ready to fight back against cyberthreats with zero trust? SHI and SentinelOne can help you get started. Contact our certified cybersecurity experts today.