IT and Business Insights for SMB Solution Providers

Understanding Zero Trust

Channel pros can play a valuable role helping customers sort through policies, procedures, and technologies en route to a comprehensive zero-trust strategy. By Samuel Greengard
Reader ROI: 
ZERO TRUST is security framework that focuses on establishing fine-grained user and data controls.
A ZT MODEL comprises policies and procedures, identity management, network access, and data protection.
CHANNEL PROS who offer guidance around security policies and tools can turn zero trust from concept to reality for customers.

ZERO TRUST (ZT) is a concept that sounds remarkably straightforward. By trusting no one, it’s possible to protect everything, right? Not so fast. Like almost everything else in the world of cybersecurity, it’s complicated. For channel pros, sorting through zero trust and putting a zero-trust framework into motion for customers can be daunting. But with the right tools and solutions, it’s possible to turn zero trust from concept to reality for your customers.

Today the term “zero trust” is much hyped, carries a variety of definitions, and comprises a remarkable array of moving parts and pieces that intersect IT systems and departmental lines. “The complexity of zero trust makes it difficult to understand,” states Robert Boles, president of cybersecurity firm BLOKWORX.

For channel pros, a starting point for navigating zero trust is to understand what it is—and what it isn’t. Zero trust is not a product or technology; it’s a framework. It does not revolve around any single vendor or approach. Although many vendors promote their hardware and software as “zero trust”—and their products address key elements of cybersecurity—they are simply a piece of a very large and complex ecosystem.

Robert Boles

Zero trust revolves around a key concept: An organization trusts only the people, devices, and data it must trust, and it constantly verifies everything that must be trusted. The framework discards the idea that it’s critical to protect a perimeter, and instead focuses on establishing fine-grained user and data controls. It incorporates continuous risk assessment, the ability to understand network and data in context, and the provision of legitimate access to assets from any place and at any time.

Developing a zero-trust model requires a long-term perspective. “Zero trust is not a destination. It’s a journey that involves constantly reviewing and analyzing an IT framework for appropriate protections and segmentation,” explains Bruce McCully, chief security officer at cybersecurity firm Galactic Advisors. “There are vendors with great tools and technologies for tackling zero trust, but it’s ultimately about people, processes, and continuous monitoring.”

What ZT Looks Like

The origins of zero trust date back to 2009. That’s when former Forrester analyst John Kindervag, now senior vice president at zero-trust managed security provider ON2IT, introduced the idea that all network traffic should fall into the category of “untrusted.” His original model focused on three key components: accessing all resources securely regardless of geography, providing access only as it’s needed, and inspecting and logging all traffic to verify that users are doing what they are supposed to be doing.

Not surprisingly, zero trust has evolved considerably—partly in response to the cloud, mobility, and the Internet of Things. In 2017, Gartner introduced the Continuous Adaptive Risk and Trust Assessment (CARTA) framework, which builds upon the original Forrester zero-trust model. It shifts the focus away from singular security gates to a comprehensive fabric of protection that’s adaptive and depends heavily on context. It relies on analytics to match risks and risk-tolerance to real-world protection and the everyday needs of users.

While ZT is now a mainstream concept, implementation lags. A January 2022 report from Forrester and security firm Illumio, Trusting Zero Trust, found that while more than three-quarters of business leaders recognize the value of ZT, only 6% say their firm’s plan is complete. In fact, only 36% of respondents’ organizations have started to deploy their solutions and 67% face challenges in getting stakeholders to understand and accept ZT.

About the Author

Samuel Greengard's picture

Samuel Greengard, a business and technology writer in West Linn, Ore., is the author of The Internet of Things (MIT Press, 2015) and Virtual Reality (MIT Press, 2019).

 

ChannelPro SMB Magazine
SUBSCRIBE FREE!

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.