As zero trust heads into its teens, a combination of headline grabbing breaches and hybrid workplace practices have highlighted the need for verify then trust solutions to secure an organization’s people, processes, and technologies. The use cases are ubiquitous. 96% of security decision-makers say zero trust is critical to their enterprises’ success, according to a Microsoft report. It’s also a bright spot driving investments into the identity and access market. Here’s a look at why organizations need zero trust more than ever and where the sector is going.
What Are The Pieces Of Zero Trust?
The definitive technology standards body, NIST, outlines 7 tenets for achieving a zero trust architecture in its Special Publication 800-207. Bryan Green ‒ then CISO of Zscaler Americas, now at Andreessen Horowitz ‒ summed up how rubber meets road in his RSA 2023 talk: all data and compute are resources, secure all communications, access is session specific with least privilege, dynamic policy determines access, continuous monitoring, enforce strict authentication and authorization before granting access, and use telemetry to improve policy enforcement.
Identity As The Workhorse of Zero Trust Architecture
The thread that binds these tenets into an architecture is a context rich identity fabric. This is the workhorse that vets the degree of trusted access a human or machine gets in a given situation across any part of an organization’s owned or borrowed infrastructure. The COVID shutdowns turned the corporate network hybrid with users pushing further into the edges and third party clouds. This shift shattered the longstanding model of a firewalled perimeter separating the untrusted exterior from the trusted interior no longer applied. As supply chain breaches like SolarWinds and social engineering attacks like those against Caesars and MGM repeatedly demonstrate, no identity can be implicitly trusted.
Identity Makes Zero Trust Work In A Hybrid World
“In the 2020s, the [longstanding] network security model broke,” said Green. “Trust is being reimagined” by constant connectivity of anything anywhere.
Organizations’ increased reliance on the cloud requires strongly authenticated identity to make zero trust work. In this perimeter-less environment, “zero trust is a dynamic trust boundary ‒ short-lived, tightly scoped, enforced by policy, informed by trust signals and telemetry,” Wolfgang Goerlich, Advisory CISO, Cisco, explained in his RSA talk Conducting a Pre-Mortem on the Next Zero Trust Breach.
“Identity is the foundation for zero trust access in a digitally connected world where citizens, customers and corporate employees engage from all over the world, 24/7,” said Bobby Wolfe, the Co-head of Houlihan Lokey’s Cybersecurity Investment Banking team.
At the technology level, identity-based access “is one integrated access management platform that will do access management across all the resources, apps, on-premise apps, cloud apps, servers, privileged accounts and also do the governance reporting,” said Todd McKinnon, CEO and Co-founder, Okta OKTA on an earnings call.
Funding And M&A Deals Abound
John Kindervag, Illumio’s Chief Evangelist, who coined “zero trust” in 2010, is optimistic about the future of both identity innovation and zero trust adoption. “Every company I’ve spoken to in the last 3-5 years is working toward zero trust in some capacity,” he noted. “Identity is going to get better over time. The goal is to do identity better and make it easier for organizations to leverage and implement – that’s what the industry is working toward.”
The identity space grew despite 2022’s overall slowdown. Global investment bank Houlihan Lokey counted 44 M&A deals that year, notably the acquisitions of ForgeRock, SailPoint, and Ping Identity, totaling $13.2 billion in disclosed transaction value. In another encouraging sign, 46% of funding went to seed rounds and 22% to series A rounds. That the lion’s share of equity funding in 2022 went to early stage companies signals more identity innovation to come as founders race to build the next generation of identity-centric access tools to secure a hybrid world where zero trust is key.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.