Intelligent CISO Issue 43 | Page 41

EXPERT OPINION

Zero Trust or just untrustworthy ? Exploring Zero Trust fears

Zero Trust is an approach where you assume you ’ ve been breached and operate as though attackers already have access to your environment . Trevor Dearing , EMEA Director of Technology at Illumio , clears up some of the general fears surrounding this approach to cybersecurity .
Trevor Dearing , EMEA Director of Technology at Illumio ven before

E the pandemic , implementing Zero Trust architecture was at the top of the agenda for a growing number of organisations as they pursued Digital Transformation strategies .

In today ’ s remote world , with just four in 10 UK workers wanting to return to the office full time , it has become a necessity for keeping increasingly dispersed networks secure , especially with ransomware on the rise .
In fact , recent research by Illumio found that an overwhelming 98 % of UK business leaders and IT decision-makers are either already implementing a Zero Trust strategy , or plan to do so soon . The research found that the leading reasons for those that have already adopted a Zero Trust approach were either because it was part of a wider strategic refresh on security infrastructure , or to improve the business ’ agility through Digital Transformation .
Most decision-makers cited greater confidence in securing critical assets and reduced risk exposure as the greatest benefits to implementing Zero Trust strategies .
However , the road to Zero Trust can often be challenging . Although it ’ s at the top of the agenda for security decision-makers , other personnel – board-level executives and the general workforce alike – may not be familiar with what Zero Trust actually means . As a result , there are a number of technical and cultural obstacles that can slow down implementation . So , what are the barriers ?
Technical and monetary challenges
Implementing business change is always a complicated task and around 80 % of respondents said they had had at least some form of technological or operational issues in pursuing Zero Trust . The most common issue was legacy systems that could not readily be upgraded to the new approach . This puts companies in a difficult position as completely overhauling systems will invariably be more resource- and cost-intensive than simply being able to integrate them , and it can be easy to fall into the ‘ sunk-cost fallacy ’ of being reluctant to throw out a previous investment .
Similarly , cost was another leading barrier , with 22 % stating that the process was too expensive and they lacked the budget . A similar number www . intelligentciso . com
41