Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As we look ahead to 2022, we should pause to reflect on the trends of the past year. Ransomware and supply chain attacks have become two of the top concerns for organizations following a series of high-profile attacks, such as those conducted against Colonial Pipeline, SolarWinds and Kaseya. In 2021, our Project Memoria revealed close to 100 different vulnerabilities in common TCP/IP stacks, affecting hundreds of operational technology (OT) vendors.

Executive Order 14028 on Improving the Nation’s Cybersecurity was released in May with nine sections outlining specific focus areas for security improvements. As we noted at the time, Netskope applauded the EO for how it placed significant emphasis on zero trust security adoption, mentioning it no fewer than 11 times, and insisting on proactive action.

Enterprises have traditionally relied on perimeter network security to keep attackers out and protect their organizationally unique sensitive data and resources. This approach works on the principle “verify, always trust” wherein authenticated users inside the network are trusted by default and allowed unfettered access. With the shift to cloud-native architecture, perimeter-based defenses have become obsolete and leave systems inherently vulnerable to malicious actors.

Kevin Kerr, Lead Security Principal Consultant at Trustwave, participated in a discussion on Zero Trust with Steve Riley, Field CTO at Netskope during SASE Week 2021. The importance of Zero Trust is derived from how it functions. Instead of focusing on protecting a physical network, a Zero Trust network works by focusing on securing the resources that reside on or have access to the network such as data, identities, and services.

In a recent Tripwire survey, over 300 respondents from both private and public sectors said that implementing Zero Trust Architecture (ZTA) could materially improve cybersecurity outcomes. This result seems like a positive outcome since we don’t often get such a unanimously high confidence level in a specific security approach from survey data.

More than a year of near-universal remote work has proven that many of us can reliably stay productive from anywhere — whether it be from home, co-working spaces or otherwise. Businesses have caught wind of this, and according to IDC, 60% of them will continue with remote work or implement a hybrid model even after they reopen their offices again. This calls for a paradigm shift in the way we conduct cybersecurity.

When the Biden Administration released its Cybersecurity Executive Order in May 2021, it was clear that Zero Trust would be a central component of the government’s security approach moving forward. Agencies and their partners scrambled to assess their existing Zero Trust investments and the gaps that would need to be filled in order to quickly ramp up implementation.