Gartner is predicting that while 60 percent of organizations will embrace zero-trust as a starting point for security by 2025, more than half will fail to realize the benefits.
In that same timeframe, however, 80 percent of enterprises will as part of an effort to achieve operational efficiency, adopt a strategy to unify web, cloud services and private application access via a single security service edge (SSE) solution, the market research firm predicts. Benefits of that approach include tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted, notes Gartner.
There’s clearly a major transition underway in terms of how cybersecurity is achieved and maintained. In theory, zero-trust IT creates a framework that requires all users, applications and machines accessing a network to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or allowed to maintain access.
SSE solutions, as a subset of secure access service edge (SASE) platforms, typically are based on a secure web gateway (SWG), a cloud access security broker (CASB) and tools for governing network access. That capability is, of course, foundational to any approach to creating and maintaining a zero-trust IT environment.
Zero-trust IT is hardly a new idea. The challenge is achieving that goal using software versus trying to implement it by locking down hardware. The latter approach has already been tried with limited success. End users today expect IT and cybersecurity teams to be able to ensure security without adversely impacting their application experience.
This can be challenging, however, in the wake of COVID-19 when there are more remote workers than ever before. In many cases, achieving zero-trust will only be possible when relying on a managed service provider (MSPs) that has the resources and expertise required to master all the layers of cybersecurity and networking technologies required.
At the same time, most MSPs will find it more expedient to deliver those services via the cloud given the simple fact that users are now routinely trying to access applications both from home, in the office and everywhere in between. The days when most end users could be protected behind a network firewall are now over.
The most critical issue for MSPs, naturally, is finding the right set of technologies to enable the delivery of managed zero-trust IT solutions at an affordable cost. Almost any IT solution can be delivered. The hard part is achieving that goal at a price point customers can afford, while leaving enough margin for the MSP to be profitable as competition inevitably turns more of the services being provided into a commodity.
It may still be early days as far as the transition to zero-trust IT is concerned but making the right decision today will have lasting repercussions for MSPs down the road. After all, only more expensive than adding a new service to a portfolio is replacing it after customers have been relying on it at scale in production environments.
Photo: Fit Ztudio / Shutterstock