Zero Trust Is A Next Big Paradigm Shift In Cybersecurity

The Zero Trust Model has often been mentioned in cybersecurity industry lately, emerging as the core strategic approach for businesses.
Moreover, Zero Trust(ZT) mandates the principle of "never trust, always verify", which requires organizations granting least privilege access
based on thorough identity verifcation when someone requests access to the company's network and internal data.

▲ Traditional Perimeter-Based Security Model VS. Zero Trust Security Model

*Source: National Institute of Standards and Technology(NIST), "Zero Trust Cybersecurity: Never Trust, Always Verify"

Unlike traditional perimeter-based security, ZT regards 'trust' vulnerable to security threats.
In contrast to the conventional approach, it mandates, even if you are a trusted user in the company network,
it requires you to still authenticate and validate your identity every time you access corporate resources,
taking into account that you could be a hacker.

With the rising trend of ZT, many global corporates such as Coca Cola, Netflix, and Google have embraced it in their security systems.
Furthermore, in the U.S., the government bodies also require to establish Zero Trust-based security policies
including Multi-Factor Authentication(MFA), encryption, and user monitoring, which accentuates the importance of Zero Trust at the national level.

The importance of ZT is widedly being recognized around the world,

▲ Source: Okta, The State of Zero Trust Security in Asia Pacific 2021

According to the State of Zero-Trust Security in Asia Pacific (APAC) report commissioned by Octa, the global cloud sevice provider,
while not many organizations outside of the Global 2000 have adopted a ZT security approach,
nearly all respondents in APAC(96%) showed plans to embrace the initiatives in the future.
This indicates that many recognize ZT as an essential security strategy for business.

Why is ZT critical for the remote work era and why is it important?
With a growing number of employees remotely accessing the company network,
the internal resources become more vulnerable to cybercrime of all kinds.
Consequently, let's take a closer look at the main reasons.

As more remote employees access corporate systems with a wide range devices, such as laptops and smartphones from outside the company,
security attacks targeting these employees and devices are also hiking.
Thus, it's time to move beyond the traditional perimeter-based security belief that "any user or device on the company network is safe."

Today, using VPNs is commonly seen in most organizations along with the trend of remote working.
A VPN is an encrypted tunnel that connects a corporate server to the devices used by remote workforce.

By authenticating the ID and password, it will grant access to the 'tunnel'. But what if your ID and password is hacked?
This can cause serious fraud, such as that by penetrating your company's system, sensitive data could be leaked
or malware can be uploaded on your devices, or even get you tricked into accessing scam websites.
This is precisely where the need for Zero Trust comes in, to tackle security risks associated with VPNs.

Compared to before the pandemic, the use of Saas-based work tools and Iaas-based cloud systems such as Amazon AWS has increased exponentially.
Consequently, as the connection points between external cloud systems and in-house systems surged,
it has gotten trickier for corporate security managers to handle security vulnerabilities.
As a result, there is a growing consensus that enforcing Zero Trust(MFA, least privilege, timeout in access, user monitoring, etc.)
for individual users and devices is more efficient to build a reliable security system.

As many businesses are expected to continue remote working system in the post-Covid-19,
it is inevitable to embrace Zero Trust Security initiatives in response to the changing work environment.
Moreover, it is said that Zero Trust corporate security system can be implemented without completely changing the current setup
by choosing the right solution with strong security.