Reg Reader Survey Like many concepts in cyber-security, Zero Trust (hereafter "ZT") has come to prominence recently. The concept is reckoned to have first been used in the mid-1990s, though it came to prominence around 2010 and has really started to take off in the past three years or so.
But when we say "take off", we don't really mean it's become ubiquitous, or the default approach to security used by the majority of companies. No, we really mean that lots of people have started to talk about it and seriously contemplate using it … but not necessarily to put those words and thoughts into action.
Although one analysis says the market for ZT in 2019 was around $18.5bn, rapid growth is predicted with a forecast $66.7bn by 2027. Another reckons it'll grow slightly less quickly, to $59.4bn by 2028. Big numbers, and not all that far apart.
But what are real organisations doing with in ZT? Is it still just a topic for discussion rather than action? Do we really understand what ZT is, and do we have the right skills and tools to implement it?
Realistically we probably do, at least to a reasonable extent, because many concept of ZT are really just no-brainer cyber fundamentals – for example the National Cyber Security Council's ZT guidelines include stuff like "use policies to authorise requests," "don't trust any network, including your own," and "authenticate and authorise everywhere." But to be fair, there's more to ZT than the basic stuff we're all doing: like anything, you have to star ..
Support the originator by clicking the read the rest link below.
