Background
Zero trust abolishes the paradigm of having a "trusted" internal network and an "untrusted" external network. Given the adoption of mobile, cloud, and a remote workforce, the perimeter has eroded and will continue to erode. We can no longer maintain a perimeter-centered security view of the network. According to Verizon’s 2020 Data Breach Investigations Report (DBIR), cloud assets accounted for 24% of breaches in 2020. In addition, the report showed 77% of cloud asset-associated breaches involved compromised credentials.

Today’s organizations must securely verify and permit access to a variety of users regardless of their location, device, or network. This includes denying access to nefarious actors while allowing access to authorized agents such as employees, partners, and third-party suppliers, as well as non-human identities such as workloads, services, and machines.

When it comes to zero trust, there is no silver bullet. The challenge may seem overwhelming. Where should today's organizations even start? Organizations should start with identity management when assessing their zero trust readiness and objectives. Even if your organization already has an identity management program, now's the time to revisit it with an increased focus on zero trust environments. This renewed focus will allow your organization to establish continual trust throughout the user's experience on the network.