With just about everything delivered from the cloud these days, employees can now collaborate and access what they need from anywhere and on any device. While this newfound flexibility has changed the way we think about productivity, it has also created new cybersecurity challenges for organizations.
Historically, enterprise data was stored inside data centers and guarded by perimeter-based security tools. But with users using endpoints and networks your IT teams don’t manage, this approach has become antiquated.
To combat this new reality, organizations have turned to tactics such as relying on device management and antivirus software, as well as single sign-on and multi-factor authentication. Some vendors have even begun to claim these measures as a form of Zero Trust, a popular idea where organizations should not trust any entity and provide access to its applications and data until its risk levels are verified.
In this blog, I will break down what is and what isn’t Zero Trust.
Four key “just becauses” of Zero Trust
While most of us understand Zero Trust conceptually, the path to Zero Trust is a complex and constantly evolving journey. As I discussed in a previous Zero Trust blog, there is no silver bullet to achieve Zero Trust, but there are ways for us to visualize and apply it to day-to-day IT and security operations.
To figure this out, I recently invited Andrew Olpins, a solutions engineer at Lookout, onto our latest Endpoint Enigma podcast episode. We cut through all the marketing noise and discussed whether there’s a pragmatic way to get started with Zero Trust. Here are a few takeaways from our conversation: