Sunday, April 2, 2023
  • Advertise With Us
  • Write For Us
  • Contact Us
  • About Us
  • Editorial Calendar
Download Latest Issue - Free!
The Cyber Express
Ransomware Report
  • MagazineDownload
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities

    Creal Information Stealer Phish Out Cryptocurrency Users

    New Advisory on Thunderbird Vulnerability

    Mozilla Foundation Releases New Advisory on Thunderbird Vulnerability

    Hacktivism

    Hacktivism and The New Age of Cyber Warfare

    3CX

    Global 3CX Telephone App Users at Risk, CEO Blames ‘Upstream Library’

    HACLA Cyber Attack

    Here’s Everything We Know About HACLA Cyber Attack Claimed by LockBit

    Microsoft Bing Search Results

    Microsoft Bing Search Results Altered Through AAD Misconfiguration

    World Data Backup Day

    World Data Backup Day: Are You Doing it Right?

    UK on AI

    UK Government to Go Light on AI Regulation; Musk, Wozniak Call for Six-month Halt on AI

    Spyware Vendor

    Spanish Spyware Vendor’s Product Used to Target UAE Users, Finds Google

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    cybersecurity-education-legislation

    North Dakota Approves Computer Science and Cybersecurity Education Legislation for K-12 Grades

    BreachForums

    FBI Arrests BreachForums Operator ‘Pompompurin’, Slaps Cybercrime Charges

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    Insider threat mitigation

    Behavioral Psychology, a Boon for Insider Risk Mitigation

    Safer Internet

    International Safer Internet Day: How Safe Are Our Teenagers Online?

    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    CISA

    13 Specialists to Join Forces with CISA’s Cybersecurity Advisory Committee

    GISEC Global 2023

    GISEC Global 2023: H.E. Dr Mohamed Hamad Al-Kuwaiti Recognized for Outstanding Contributions in Advancing Global Cybersecurity

    GISEC Global 2023

    GISEC Global 2023: Knowledge Sharing, Collaboration Vital to Fend off Cyberattacks, say Experts

    Call & Contact Center Expo 2023 Las Vegas

    Call & Contact Center Expo 2023 Las Vegas

    Former BookMyShow CTO Mahesh Vandi Chalil

    Cyble Appoints Former BookMyShow CTO Mahesh Vandi Chalil as Chief Product and Technology Officer

    GISEC 2023

    GISEC 2023: Microsoft Highlights Zero Trust Approach and Mixed Reality Policing Tools

    GISEC Global 2023

    GISEC Global 2023: ‘Take the Fight to Cyber Attackers’ Urges UAE Cybersecurity Council Paper

    Cyble in Forbes List

    Cyble Recognized by Forbes as One of America’s Best Startup Employers 2023

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    •  Cyber Security Webinar
    • World CyberCon Middle East 2023
    • Endorsed Events
No Result
View All Result
The Cyber Express
  • MagazineDownload
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities

    Creal Information Stealer Phish Out Cryptocurrency Users

    New Advisory on Thunderbird Vulnerability

    Mozilla Foundation Releases New Advisory on Thunderbird Vulnerability

    Hacktivism

    Hacktivism and The New Age of Cyber Warfare

    3CX

    Global 3CX Telephone App Users at Risk, CEO Blames ‘Upstream Library’

    HACLA Cyber Attack

    Here’s Everything We Know About HACLA Cyber Attack Claimed by LockBit

    Microsoft Bing Search Results

    Microsoft Bing Search Results Altered Through AAD Misconfiguration

    World Data Backup Day

    World Data Backup Day: Are You Doing it Right?

    UK on AI

    UK Government to Go Light on AI Regulation; Musk, Wozniak Call for Six-month Halt on AI

    Spyware Vendor

    Spanish Spyware Vendor’s Product Used to Target UAE Users, Finds Google

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    cybersecurity-education-legislation

    North Dakota Approves Computer Science and Cybersecurity Education Legislation for K-12 Grades

    BreachForums

    FBI Arrests BreachForums Operator ‘Pompompurin’, Slaps Cybercrime Charges

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    Insider threat mitigation

    Behavioral Psychology, a Boon for Insider Risk Mitigation

    Safer Internet

    International Safer Internet Day: How Safe Are Our Teenagers Online?

    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    CISA

    13 Specialists to Join Forces with CISA’s Cybersecurity Advisory Committee

    GISEC Global 2023

    GISEC Global 2023: H.E. Dr Mohamed Hamad Al-Kuwaiti Recognized for Outstanding Contributions in Advancing Global Cybersecurity

    GISEC Global 2023

    GISEC Global 2023: Knowledge Sharing, Collaboration Vital to Fend off Cyberattacks, say Experts

    Call & Contact Center Expo 2023 Las Vegas

    Call & Contact Center Expo 2023 Las Vegas

    Former BookMyShow CTO Mahesh Vandi Chalil

    Cyble Appoints Former BookMyShow CTO Mahesh Vandi Chalil as Chief Product and Technology Officer

    GISEC 2023

    GISEC 2023: Microsoft Highlights Zero Trust Approach and Mixed Reality Policing Tools

    GISEC Global 2023

    GISEC Global 2023: ‘Take the Fight to Cyber Attackers’ Urges UAE Cybersecurity Council Paper

    Cyble in Forbes List

    Cyble Recognized by Forbes as One of America’s Best Startup Employers 2023

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    •  Cyber Security Webinar
    • World CyberCon Middle East 2023
    • Endorsed Events
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Features

Zero Trust – Vendors, Investment, and Future

Editorial by Editorial
July 29, 2022 - Updated on November 2, 2022
in Features
1
Zero Trust – Vendors, Investment, and Future
586
SHARES
3.3k
VIEWS
Share on LinkedInShare on Twitter

“We’ve seen two years’ worth of digital transformation in two months,” said Microsoft CEO Satya Nadella, delivering the company’s quarterly earnings report to Wall Street in April 2020. The months that followed ushered in a decade of changes in digital transformation and corresponding security challenges.

“What we have witnessed over the past year is the dawn of the second wave of the digital transformation sweeping every company and every industry,” said Nadella, announcing the quarterly results in January 2021. “Building their own digital capability is the new currency driving every organization’s resilience and growth.”

You might also like

Fake Accounts Are a Bigger Problem Than Businesses Realize

Unconscious Bias & Social Barriers Negatively Impact Neurodiverse Workforce in Cybersecurity

Women in Cybersecurity: 6 Lessons Learned From Running My Own Business

The spike in remote work and online transactions forced businesses to get their act together. Instead of playing catch-up, infosecurity professionals started taking proactive measures to replace the existing perimeter-based security tools with Zero Trust architecture. But is the adaptation prohibitively expensive for start-ups and SMEs? Not necessarily, security industry leaders tell Cyber Express.

Why is Zero Trust important?

“In this new world, there is no longer a wall around a business’ sensitive assets, and nor are employees always on-site,” said Ben King, Chief Security Officer – EMEA at Okta.

“As organizations have become more flexible in supporting distributed, remote teams, they also had to change and increase their focus on security. Businesses have had no choice but to evolve the range of sophisticated solutions they use to protect identity in all contexts. This has led many s organizations to reduce or retire traditional perimeter-based security tools and implement a zero-trust architecture.”

The post-pandemic businesses need a security model that adapts to the complexity of the modern environment more effectively, embraces the mobile workforce, and protects people, devices, apps, and data wherever they are located. Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model verifies each request as though it originates from an open network.

“There are many notable examples of companies that have deployed zero trust models. Many vendors will advocate that their product offerings are adhering to zero trust, but as we know, implementing such an approach within an enterprise is not something you can fix solely with technology but instead with a broader set of principles,” said Raj Samani, Chief Scientist at MacAfee.

In the cloud, the safest thing to assume is that nothing is safe, a Microsoft spokesperson told Cyber Express. According to the spokesperson, businesses should base their Zero Trust architecture on three principles:

  1.   Verify explicitly:

Validate any access request in its full context: the user account, the device, the network, the application, and the data being accessed

  1.   Use least privileged access:

When we do grant access to someone, give only the minimum level of access the user needs to complete their task, and only for the amount of time they need it.

  1.   Always assume breach:
    It asserts that breaches do happen. As such, all systems should be ready to detect and remediate any attacks, and the security infrastructure must be designed to minimize the blast radius of any possible incident.

Zero Trust

What businesses need Zero Trust the most?

With digital transformation covering all aspects of daily life, the spectrum of Zero Trust adaptation is growing by the day. Companies such as GitLab, MGM Studios, FedEx, public relations major Dentsu, and non-governmental organizations including the Norwegian Refugee Council are among the long list of domain leaders that have adopted Zero Trust.

A closer look at the activity profiles of the organizations that tend to prioritize Zero Trust more heavily shows these common characteristics: they have a complex user population; they store large amounts of sensitive data.

“In certain industries, zero-trust is more critical than ever, often driven by expectations from industry regulators. Justice and public safety organizations, for instance, face intensive regulatory compliance requirements. A zero-trust framework helps ensure these organizations meet advanced authentication demands,” said Ben King of Okta.

Similarly, security leaders in finance, public utilities, and manufacturing understand that it is crucial to be prepared because their industries are top targets for threat actors.

However, fewer professional services firms seem to recognize their risk level, with less than 40% confirming defined zero-trust initiatives, King said, citing Okta’s State of Zero Trust 2020 report. The size of the business and volume of the data rarely matter these days, he added, giving the example of healthcare organizations, which must adapt zero-trust initiatives both in their current and planned projects irrespective of their size.

Global research and advisory company Forrester list the rise of ransomware as one of the major reasons for Zero Trust adaptation among their clients. The publication of SP 800-207 Zero Trust architecture guidance by the National Institute of Standards and Technology (NIST) helped the move. However, it was the pandemic that boosted the adaptation numbers.

“Thousands of organizations got their first taste of Zero Trust during the Covid-19 pandemic. When workforces went nearly 100% remote, VPN infrastructure could not keep up and Zero Trust solutions stepped in to provide cloud-delivered secure remote access,” said David Holmes, senior research analyst at Forrester.

Forrester received hundreds of calls from clients who wanted the transition to Zero Trust during the pandemic. According to a Forrester research, federal agencies in the US and abroad are using NIST’s 800-207 publication as a go-ahead to start scoping more ZT.

Any change brings its own costs and inconveniences. Is the switch to Zero Trust architecture prohibitively expensive for start-ups and SMEs?

“Quite the opposite,” said Holmes. “Many start-ups are cloud-based and it’s easier to do ZT in the cloud.  It’s actually the larger enterprises that are struggling to apply Zero Trust to heterogeneous, legacy environments.”

Adaptation is relatively easy if a five-step process is implemented, says a guidance note by Palo Alto Networks. The steps are:

  •      Define the protected surface:

The protected surface encompasses the critical data, application, assets, and services—DAAS—most valuable for your company to protect.

  •   Map the transaction flows:

Documenting how specific resources interact allows you to properly enforce controls and provides valuable context to ensure the controls help protect your data, rather than hindering your business.

  •   Architect a Zero Trust network:

Once you’ve defined the protected surface and mapped flows relative to the needs of your business, you can map out the Zero Trust architecture, starting with a next-generation firewall.

  •   Create the Zero Trust policy:
  1. Use the “Kipling Method” to define the following:
  2. Who should be accessing a resource?
  3. What application is being used to access a resource inside the protected surface?
  4. When is the resource being accessed?
  5. Where is the packet destination?
  6. Why is this packet trying to access this resource within the protected surface?
  7. How is the packet accessing the protected surface via a specific application?
  • Monitor and maintain the network:

Since Zero Trust is an iterative process, inspecting and logging all traffic will provide valuable insights into how to improve the network over time.

Who are the major players in zero-trust?

Forrester’s ZTX Ecosystem report ranks 15 Zero Trust platform providers, including major players such as Microsoft, Google, Cisco and Palo Alto and some smaller vendors such as Ionic and Guardicore.

The list includes the likes of Twingate, AppGate SDP, Zscaler Private Access, Pulse SDP, Wandera, Proofpoint Meta (formerly Meta Networks), and Trustgrid Software-Defined Perimeter.

In a move that is expected to fuel Zero Trust adaptation among smaller businesses, Google recently threw open the doors of its Zero-Trust product offering, BeyondCorp Enterprise, which extends and replaces BeyondCorp Remote Access.

Security industry leaders Check Point, Citrix, CrowdStrike, Jamf, Lookout, McAfee, Palo Alto Networks, Symantec, Tanium, and VMware have joined Google as members of BeyondCorp Alliance, which intends to popularize Zero Trust architecture.

Who are the investors?

The latest Zero Trust Access Providers list by Forrester has over 30 vendors, many of whom are recent start-ups.

“Private equity is backing many of these start-ups,” said Holmes of Forrester. They’re investing not just because Zero Trust has become the de facto security strategy, but also because the increase in remote workforce is making these technologies critical.”

The opportunity was spotted by investors, particularly private equity firms, way before the pandemic.

“To date, the security focus for most corporates has been erecting firewalls around the perimeter of their network. However, this model has increasingly come under attack, calling for a new paradigm wherein the concept of trust in a security context is dramatically altered,” David Milroy, Partner at UK-based private equity Maven, wrote in 2019,

“In a Zero Trust framework, trust is viewed as a vulnerability with all users treated equally, in contrast to traditional security where users inside a network are deemed to be more trustworthy than those outside of the corporate firewall… Faced with the spectre of ever more sophisticated attacks, businesses will continue to invest in preventative measures that fuel the cybersecurity ecosystem and, as a result, will create attractive opportunities for investors.”

Mergers were clear indicators of the trend

Cisco acquired Duo Security for $2.35 billion in cash in 2018, with Duo CEO and co-founder Dug Song and the team joining Cisco’s networking and security business. Proofpoint announced in May 2019 its agreement to buy zero trust network access provider Meta Networks for $111 million in cash and approximately $9 million in stocks.

The US-based software company Ping Identity in November 2020 announced its acquisition of Edinburgh-based Zero Trust tech start-up Symphonic Software for an undisclosed amount. Marven, which was invested in  Symphonic, made a 2.9x money multiple returns and 90% internal rate of return (IRR) for investors in under two years from the deal.

Zero Trust business Appgate in February announced a merger with Newtown Lane Marketing and an investment of up to $100 million from “a leading alternative investment manager”. The investment valued the company at $1 billion.

Appgate was formed after Cyxtera Technologies spun off its cybersecurity business into a separate company in 2019. Going by the indications, investment firm BC Partners, which created Cyxtera after investing $2.8 billion in 2017, has made a killing from the latest deal. The investment firm will hold 50% of the post-merger entity.

What next?

The Zero Trust cybersecurity market is expected to reach $38 billion by 2025, according to an analysis by Adroit Market Research.

“The zero-trust security market has solid competition among the early established and new players. Also, to capture a competitive advantage over the other industry, many players are aiming for potential markets by forming collaboration and partnerships, agreements, mergers & acquisitions, acquiring new start-ups and other companies, and escalating their business presence,” it said.

A study by Enterprise Management Associates (EMA) says that 60% of IT buyers accelerated the implementation of zero-trust policies and technology during the COVD lockdown and unlocking period.

“According to Ponemon Institute’s most recent Cost of a Data Breach report, a “mega-breach” of 1 million records could cost a company $42 million, while a loss of 50 million records costs an estimated $388 million. The huge rise in large data breaches, which make headlines around the world, has made zero-trust the next big investment opportunity,” said Okta’s Ben King.

“More and more organizations are realizing the need to adopt a zero-trust framework and stay on top of the latest security advancements to protect their customers, employees, and shareholders from the headaches and costs of a breach. London, as a financial hub, is breeding the perfect marketplace for zero-trust vendors to thrive,” he added.

Microsoft research from 2020 found that considering the growth in remote work, 51% of business leaders are speeding up the deployment of Zero Trust capabilities.

“As people begin returning to the office or hybrid-remote scenarios, we believe Zero Trust architecture will still eventually become the industry standard, which means everyone is on a Zero Trust journey. That reality is reflected in data, such as numbers that show how 94% of companies reported that they are in the process of deploying new Zero Trust capabilities to some extent,” said the Microsoft spokesperson.

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: cybersecuritycybersecurity awarenessCybersecurity BusinessMulti-factor Authenticationsecurity threatsZero Trust
Previous Post

Insider Threats: Elephant in the cubicle!

Next Post

White House Judiciary discusses Breach of Court Session by Foreign Actors

Editorial

Editorial

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.

Related Posts

Fake Accounts
Features

Fake Accounts Are a Bigger Problem Than Businesses Realize

by Editorial
April 2, 2023
Neurodiverse Workforce
Features

Unconscious Bias & Social Barriers Negatively Impact Neurodiverse Workforce in Cybersecurity

by Editorial
March 12, 2023
Women in Cybersecurity
Features

Women in Cybersecurity: 6 Lessons Learned From Running My Own Business

by Editorial
March 8, 2023
Gender Gap in The Cybersecurity
Features

Four Ways Women Can Close The Gender Gap in The Cybersecurity Industry

by Editorial
March 8, 2023
Mel Migriño
Features

‘Men Are Allies, Not Adversaries’

by Vishwa Pandagle
March 8, 2023
Next Post
Department of Justice

White House Judiciary discusses Breach of Court Session by Foreign Actors

Comments 1

  1. Pingback: CISA Warns of Exploitation of Vulnerabilities in Zimbra

Latest Issue is Out. Subscribe Now

Download Now

CRIL


Follow Us On Google News

Never miss an update. Subscribe!

* indicates required

Top 10 Cybersecurity Jobs

Categories

About The Cyber Express

The Cyber Express

Cyber Security News and Magazine

The Cyber Express is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

Follow The Cyber Express

Contact

For editorial queries: [email protected]

For marketing and Sales: [email protected]

For Sponsorship/Event Partnership: [email protected]

For Conferences related information: [email protected]

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

Tel: (678) 578-8838

Events: +1 (678) 578-4140

 

India Office:

Cyber Express Media Network
HD-021, 4th Floor, C Wing, Building No.4. Nesco IT Park, WE Highway, Goregaon East, Mumbai, Maharashtra, India – 4000063

Tel: (678) 578-8838

Events: +1 (678) 578-4140

Subscribe to Our Feed

RSS Feeds

Follow Us On Google News

© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.

No Result
View All Result
  • Firewall Daily
  • Business News
  • Cyber Essentials
  • Features
  • Cyber Security Magazine
  • Events
    • World CyberCon Middle East 2023
    •  Cyber Security Webinar

© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.