In this Horizon Report, we’ll provide recommendations to assist security and business leaders with their zero trust initiatives.
In 2010, Forrester introduced “zero trust”: the principle that all network traffic must be treated as untrusted, and that any request for access to data must be securely vetted before access is granted. Today, expanding cyber threats and work-from-home environments are driving organizations to adopt zero trust approaches.
The network perimeter has become more difficult to manage. Organizations can no longer just manage a perimeter to ensure security. Applications, data, and identities have been moving to the cloud, and business is increasingly conducted outside the protection of the traditional corporate network.
In this scenario, organizations can no longer rely on erecting a protective shield around their vulnerable assets, including full-time employees, temporary workers, channel partners, and third-party suppliers. It only takes one threat actor, malicious insider, or negligent user to compromise the entire environment. Companies can no longer assume trust across any part of their IT stacks.
Organizations cannot implement a zero trust methodology with a one-size-fits-all solution. A zero trust approach requires significant changes across identity management, device assurance, and access management. While this is a tall order, organizations must ensure that identities are verified and authenticated, and that devices are secure, before granting access to data, applications, or networks.