Must Read: Download Forrester's complimentary guide[1] to learn how and why Zero Trust is the best way to defend your business.
I get asked two questions at least weekly, in some cases almost daily:
- Where do we start for Zero Trust? Fix your IAM and user side of the equation.
- What is the difference between other frameworks and Zero Trust? OK, now we can get down to the nuts and bolts on this one.
Zero Trust turned 10 years old this year. John Kindervag's research and analysis of enterprises uncovered that dangerous assumptions of "trust" had become an essential part of the network. He realized that the human emotion, trust, was more than a simple flaw; it represented a major liability for enterprises' networks that would lead to failure over and over again in the years to come.
Since 2010, attackers have breached thousands of companies, stealing billions of records. Some companies went out of business, some governments suffered geopolitical setbacks that would take years to unravel, and many citizens have lost faith in the integrity of their countries' electoral procedures. And none of those exploits or breaches ever required attackers to use their most sophisticated skills or techniques. Most of them began with the failure of a few basic security controls and the inevitable lateral movement of attackers.
Also: Mueller report confirms the worst: National sovereignty is at risk worldwide[2]
Zero Trust wasn't born out of a need to sell another security control or solution. It was born from a desire to solve a real enterprise issue. And just as the threat landscape and the challenges have evolved over the last 10 years, Forrester has worked to build out the original concept into a simple framework we call ZTX, or Zero Trust eXtended.
Our framework solves the architectural and operational issues with Zero