The world is expanding technologically at a frightening pace, with constant development reshaping every aspect of our lives. Unless we continuously evolve, we risk being left behind by our peers.
This notion is no different in the cybersecurity landscape. With every latest tech innovation comes novel and complex challenges for the security experts tasked with keeping our confidential data safe. To this point, McKinsey suggests that globally, “at the current rate of growth”, cyberattacks could end up costing $10.5 trillion per year in damages as soon as 2025.
Evidently, businesses need to adopt the most effective security strategies to stand a chance at staying ahead of these threats: introducing Zero Trust. We spoke to Abhilash Verma, General Manager at NetScaler, about what a Zero Trust approach entails, and why he feels it’s an inevitable evolution for the modern enterprise.
So, what exactly is Zero Trust and how does it differ from conventional security?
“Zero Trust represents a profound shift in the way organisations approach security. Traditionally, enterprises would adopt a ‘castle and moat’ approach, centred around building strong perimeter defences to keep cyber-adversaries outside the ‘walls’ of your IT systems. While this concept remains logical, the growing complexity of the contemporary business environment has now rendered this approach ineffective.
At its core, Zero Trust challenges the conventional notion; that users within a network can be inherently trusted. Instead, it adopts a strict ‘never trust, always verify’ stance, subjecting every user and device to continuous scrutiny before granting access only to the resources they are entitled to. This approach shifts the security paradigm from static authentication methods, like one-time passwords, towards continuous vigilance of user and endpoint behaviour even after the point of log-in. By adhering to this principle, Zero Trust Network Access (ZTNA) can utilise AI-powered monitoring tools to evaluate user accounts for signs of unusual or compromising activity. This dynamic approach fortifies security by detecting and responding to anomalies or suspicious behaviour in real time.”
How does ZTNA impact the way in which employees utilise their business’s resources?
“When utilising a legacy security model, like a VPN, a user is typically granted access to a wide array of files and applications once they pass through the network perimeter. As each user operates across many functions of their organisation’s IT system, this action could potentially create hundreds of connections to the network’s resources, therefore opening hundreds of possible points of attack for malicious actors. While security policies mandate tunnelling and encryption for each VPN connection, organisations with a large number of users can place a high load on network infrastructure, even for seemingly innocuous workflows.
Zero Trust takes a more discerning approach to this issue. Operating on the principle of one-to-one connectivity and access, ZTNA allows access to only specific, necessary resources. Imagine it as a tailored, resource-efficient access control system that ensures users are allocated precisely the computing resources needed for their work, wherever they are located. This approach not only strengthens the security posture of the organisation by minimising the number of connections, thereby reducing its overall attack surface, but also minimises resource utilisation, alleviating pressure on IT systems and enabling cost savings.”
Has Zero Trust adoption been slower than you expected? “The industry perception of Zero Trust has evolved significantly since its inception around a decade ago. Initially, it was seen as a radical and innovative concept, but it has now transitioned into a fundamental and inevitable trend, widely accepted as the gold standard of security strategies. However, the journey to widespread adoption of Zero Trust has faced a few hurdles. One key factor is the hesitance of businesses to undertake extensive transformational projects, particularly during periods of economic turbulence. When organisations face budgetary constraints, their primary focus shifts towards market repositioning, cost containment, and financial stability, and committing to a significant overhaul of security practices can appear daunting and resource intensive. This can lead to organisations expanding existing VPN access as an intermediate step to a full Zero Trust adoption.”
The past year has certainly produced a challenging economic climate. Can ZNTA help enterprises to navigate these conditions? “When hit with difficult market conditions, organisations have a variety of cost saving strategies available to them. As we’ve seen this year, many major brands, such as Meta and Twitter (now X), chose to reduce their headcount, but other options include streamlining product portfolios, re-evaluating contracts and partnerships, and restructuring departments. Whilst certainly a substantial project to implement, ZTNA can play a pivotal role in steadying the ship and ensuring financial resiliency. Although Statista estimates the average cost of a UK data breach to be £3.45m, we’re now used to seeing reports of hundreds of millions lost in ransom payments and regulatory fines, not to mention the knock-on effects of downtime and lasting reputational damage. By protecting businesses from attacks and minimising the size of successful breaches, ZTNA effectively frees up extra resources to invest in revenue-building areas.
Additionally, a well-designed Zero Trust solution can reduce operational costs compared to legacy security approaches. Whereas perimeter-based networks are susceptible to breaking, requiring employee-hours and additional tools to maintain, effective ZTNA centralises policy controls and reduces operational costs enabling IT to adapt seamlessly to changing conditions, sparing the organisation significant long-term costs.”
So, is now the perfect time for businesses to deploy a Zero Trust strategy?
“All organisations now face mounting pressures to remain competitive and in pursuit of these objectives the costs associated with technology usage are only expected to increase. Because of this, we see Zero Trust as a top priority for enterprises. Whether the ambition is to bolster cyber resilience in the face of damaging attacks, or to streamline operations for efficiency during stable periods, a Zero Trust network approach makes more business sense than ever before.”