COVER STORY UNDERSTANDING ZERO TRUST Channel pros can play a valuable role helping customers sort through policies, procedures, and technologies en route to a comprehensive zero-trust strategy. By Samuel Greengard trusted. The framework discards the idea that it’s critical to protect a perimeter, and instead focuses on establishing fine-grained user and data controls. It incorporates con-tinuous risk assessment, the ability to un-derstand network and data in context, and the provision of legitimate access to assets from any place and at any time. Developing a zero-trust model requires a long-term perspective. “Zero trust is not a destination. It’s a journey that involves constantly reviewing and analyzing an IT framework for appropriate protections and segmentation,” explains Bruce McCully, chief security officer at cybersecurity firm Galactic Advisors. “There are vendors with great tools and technologies for tackling zero trust, but it’s ultimately about people, processes, and continuous monitoring.” Z ERO TRUST (ZT) is a concept that sounds remarkably straightforward. By trusting no one, it’s possible to protect everything, right? Not so fast. Like almost everything else in the world of cybersecurity, it’s complicated . For channel pros, sorting through zero trust and putting a zero-trust framework into motion for custom-ers can be daunting. But with the right tools and solutions, it’s possible to turn zero trust from concept to reality for your customers. Today the term “zero trust” is much hyped, carries a variety of definitions, and comprises a remarkable array of moving parts and pieces that intersect IT systems and departmental lines. “The complexity of zero trust makes it difficult to under-stand,” states Robert Boles, president of cybersecurity firm BLOKWORX. For channel pros, a starting point for navigating zero trust is to understand what it is—and what it isn’t. Zero trust is not a product or technology; it’s a framework. It does not revolve around any single vendor or approach. Although many vendors pro-mote their hardware and software as “zero trust”—and their products address key ele-ments of cybersecurity—they are simply a piece of a very large and complex ecosystem. Zero trust revolves around a key con-cept: An organization trusts only the peo-ple, devices, and data it must trust, and it constantly verifies everything that must be What ZT Looks Like The origins of zero trust date back to 2009. That’s when former Forrester analyst John Kindervag, now senior vice president at ze-ro-trust managed security provider ON2IT, introduced the idea that all network traffic should fall into the category of “untrusted.” His original model focused on three key components: accessing all resources se-curely regardless of geography, providing access only as it’s needed, and inspecting and logging all traffic to verify that users are doing what they are supposed to be doing. 18 APRIL 2022 ChannelProNetwork.com
ChannelPro April 2022: Page 18
