Reseach Director, Cybersecurity - Industry Analyst at IDC
Vendor
2022-01-06T21:00:30Z
Jan 6, 2022
Hey like the new name.
My Zero Trust Predictions are largely more of the same. It's a desired state, but it requires other IAM prerequisites before it should be attempted or proclaimed. I've described these as a three-legged stool before:
1 Passwordless
2 Least privileged access
3 Network segmentation/proxy
Passwordless is defined many ways and getting easier. Registration and hide the password is pretty popular, but there are true PKI-based alternatives. Why do you need it? So you aren't prompting/challenging people for every single and somewhat sensitive login. Know thy users (or the clever ones will develop work-arounds).
LPA is a refinement exercise best done given rolling averages of 30-day user activity or any other available insights that tracks resource usage by ID. Those not using shouldn't have access.
Network segmentation is a final step that's not really identity-centric. I believe the reverse proxy approach (aka BeyondCorp) makes a lot of sense, but there are other methods.
More often than not, security teams have the budget to do one, maybe two of the above running more than pilot projects in any one year. Wait a few years for the remaining funding and ZTNA might become the rule rather than the exception.
Find out what your peers are saying about ScienceSoft, Sygnia, Cyderes and others in Information Security and Risk Consulting Services. Updated: March 2025.
ZTNA as a Service provides a secure, scalable solution for accessing corporate resources remotely. Its dynamic access capabilities redefine security by focusing on user identity and context, ensuring only authorized users can access critical data and applications.ZTNA as a Service revolutionizes how organizations implement access control by replacing traditional VPN methods with a cloud-centric security model. It leverages identity-based security mechanisms, giving enterprises the flexibility...
Hey like the new name.
My Zero Trust Predictions are largely more of the same. It's a desired state, but it requires other IAM prerequisites before it should be attempted or proclaimed. I've described these as a three-legged stool before:
1 Passwordless
2 Least privileged access
3 Network segmentation/proxy
Passwordless is defined many ways and getting easier. Registration and hide the password is pretty popular, but there are true PKI-based alternatives. Why do you need it? So you aren't prompting/challenging people for every single and somewhat sensitive login. Know thy users (or the clever ones will develop work-arounds).
LPA is a refinement exercise best done given rolling averages of 30-day user activity or any other available insights that tracks resource usage by ID. Those not using shouldn't have access.
Network segmentation is a final step that's not really identity-centric. I believe the reverse proxy approach (aka BeyondCorp) makes a lot of sense, but there are other methods.
More often than not, security teams have the budget to do one, maybe two of the above running more than pilot projects in any one year. Wait a few years for the remaining funding and ZTNA might become the rule rather than the exception.