This article is part of a VB special issue. Read the full series here: Zero trust: The new security paradigm.
With remote work exploding amid the COVID-19 pandemic, zero trust has become a security process that enterprises depend on to protect hybrid working environments.
Yet while so many organizations are looking to embrace zero-trust networking, many are getting it wrong, implementing limited access controls or turning to “zero trust in a box” solutions.
According to one report, 84% of enterprises are implementing a zero-trust strategy, but 59% say they don’t have the ability to authenticate users and devices on an ongoing basis and are struggling to monitor users post-authentication.
In addition, Microsoft notes that, according to another report, 76% of organizations have started implementing a zero-trust strategy and 35% claim to have it fully implemented, but those claiming full implementation admit they haven’t finished implementing zero trust consistently across all security risk areas and components.
Although these may seem like small oversights, they can significantly increase an organization’s exposure to risk. A recent IBM report found that 80% of critical infrastructure organizations don’t adopt zero-trust strategies, which increased their average data breach costs by $1.17 million compared to those enterprises that do.
False zero-trust promises and vendor lingo
One of the most significant reasons that enterprises are getting zero trust wrong is that many software vendors use marketing that misleads them, not just about what zero trust is, but how to apply it, and whether certain products can implement zero trust.
All too often, these marketing practices trick CISOs and security leaders into thinking zero trust can be purchased.
“There’s a couple of mistakes a lot of people make in zero trust. First, and probably most common too, is approachin …