2022 Predictions #6 - And We'll Call It Zero Trust
Most security professionals have had the principle of least privilege grilled into them from the very beginning of their careers. Giving users the minimum level of access needed to perform their job functions is for the most part an uncontested best practice. Unfortunately, best practices don’t directly translate into wide adoption, and least to their full extent. Over the past few years, or decades really, we’ve seen the ease in which attackers can move laterally and elevate their level of access while exploiting organizations that haven’t followed basic security principles.
Recently, a “modern” information security architecture has grown in popularity under the name of Zero Trust. A Zero-Trust approach to security basically boils down to “assuming the breach.” In other words, assuming an attacker has already compromised one of your assets or users, and designing your network and security protections in a way that limits their ability to move laterally to more critical systems. You’ll see terms like “microsegmentation” and “asserted identity” thrown around in discussions on Zero Trust. But anyone that has been around for long enough will recognize this trending architecture is built on existing, long-standing security principles of strong identity verification and the idea of least privilege.
This isn’t to say Zero-Trust architecture is a buzz word or unnecessary. On the contrary, it is exactly what organizations should have been doing since the dawn of networking. We are predicting in 2022, the majority of organizations will finally enact some of the oldest security concepts all over their networks, and they will call it Zero Trust.
See more of WatchGuard's 2022 Cybersecurity Predictions here: