Prasanth Prasad, the Director of Technology at Spire Solutions, says Zero-Trust has become a new market hype

How has the Zero Trust Network Architecture evolved since it was first coined in 2010?
Zero-trust has become a new market hype. There have been a lot of technological changes in solutions today to try and achieve Zero-Trust capability as this is proving to be a key strategy in achieving a robust cybersecurity architecture.

Do you believe that technologies that support zero trust are moving into the mainstream?
Definitely. Many technology providers are making product enhancements and architectural changes to accommodate the zero-trust capability.

Do you believe that enterprise IT departments today require a new way of thinking because the castle itself no longer exists in isolation as it once did?
Organizations today need to define a zero-trust strategy and baseline identity processes and tools before embarking on deploying solutions. Gartner defines zero trust as a security paradigm that explicitly identifies users and devices, and grants them just the right amount of access so the business can operate with minimal friction while risks are reduced.

How can companies get started with zero trust?
Organizations must consider least privileged access, resource sensitivity, and the confidentiality of data secured within the zero-trust architecture while implementing zero trust. These ideas are not brand-new. In the past, numerous teams have attempted to implement least privileged access controls but ran into difficulties as they widened the scope and finer-grained the rules.

These problems do not exempt zero trust. To succeed with zero trust, businesses must plan, invest in people and resources, and refrain from viewing security as a one-time, universal solution. Industry experts have warned that cyber-attacks will be focused on techniques that zero trust controls can’t mitigate.

What according to you are the limitations of zero trust?
The concepts of zero trust are still being evaluated and tested. It needs to cater specifically to individual organizations, and this requires a lot of understanding and maturity. Technology providers today are not able to clearly define them and hence consultants with a good understanding of this concept become key to success.

The disconnect between the Board of Directors and CISO in an organization on risks to the organization just adds to the confusion. I would believe that the limitations are only from the clarity of definition and scalability that can be adopted by organizations that are lacking today. It is only a matter of time before the market matures and the technology interoperability stabilizes to help organizations achieve zero trust seamlessly.