The Nature of the Problem
The primary practice behind zero trust is to never trust, always verify, and continually assess. This means that the correct user identities have the correct level of access, in the correct context, to the correct services, and that access is continually assessed, all without introducing friction to the user.
Gartner selects strategic technology trends for their transformative potential, and for 2021, they identified three themes for these trends: “People centricity, Location independence, Resilient delivery.” These are core principles within zero trust. Still, leaders should keep in mind that establishing a perfectly concerted zero trust approach is a marathon rather than a sprint.
Many organizations initiate their zero trust journeys with a spectrum of on-premises and cloud services that are not integrated. Consequently, IT teams must handle varying identities across a range of systems as well as the various applications and technologies. Security teams are left without visibility or control of fractured identities and are confronted with a continually expanding attack surface.
Hodgepodge technology stacks offer multiple attack vectors that enable malicious actors to obtain access to various systems. Verizon found that over 80% of breaches related to hacking involved brute-force or the use of stolen credentials. This statistic underlines the need for organizations to reevaluate their identity management approaches to better safeguard their businesses.
Identity management is a complex project, and the market is saturated with solutions. As identity management within zero trust does not happen overnight, security leaders must construct a plan to identify a starting place.