In recent years, the Zero Trust concept has become quite popular with IT leaders, particularly in the field of cybersecurity. However, there are a lot of misconceptions about this “much talked about” term, with its coinage chalking up doubts among organisations. It is important to understand that Zero Trust is a concept rather than a definite product with a fixed architecture and it aims to provide the right users with right device access and right applications or resources at the right time.
Amidst all the hype, a lot of organisations have already started offering solutions around the Zero Trust concept. With such solutions readily available, the term is being used so loosely that it is often difficult for IT leaders to understand what the concept is really about, says Sandeep Kumar Panda,
co-founder of Bengaluru-based software firm InstaSafe Technologies. He debunks a few misconceptions about Zero Trust:
Zero Trust is only for large enterprises: Zero Trust is suitable for organisations of all sizes. Early adoption of Zero Trust by SMBs can help them to secure their infrastructure at the right time, making it easier to scale as they grow bigger.
It is only for remote or third-party external employees: Zero Trust is suitable for internal employees whether they are in office or working remotely. It eliminates the implicit trust issues relating to employees who can access more resources than they are supposed to.
Zero Trust is suitable only for on-premise infrastructure: Zero Trust solutions can support multi-cloud and hybrid cloud environments. All new age startups are building entirely on cloud infrastructure. So, almost all Zero Trust vendors support cloud infrastructure deployment.
Zero Trust is a complex solution: Zero Trust can work in tandem with the security controls in place and act as a complementary solution that provides enhanced access to users on a “Need to Know basis”. Zero Trust’s implementation can be done in phases, based on the maturity of an enterprise’s infrastructure.
Zero Trust is a foolproof solution: No cybersecurity solution is foolproof, though with the Zero Trust solution, enterprises can create better defence controls which are difficult for hackers to get round.
“During the pandemic, organisations saw a surge in cyberattacks targeting the remote workforce and this led to increased adoption of the model in cybersecurity,” says Panda. “Zero Trust’s adoption facilitates the transition to hybrid work environments by helping players identify, inspect and control access vis-a-vis devices hopping onto their networks,” he adds.