Over the last several years, ransomware, data breaches, and other cyber campaigns have been hugely disruptive and have cost organisations and governments millions. In response, the Biden administration issued an executive order in May 2021 directing federal agencies to adopt a Zero Trust security architecture. While recent reports from the US Government Accountability Office (GAO) show some agencies are on track, others appear to be falling behind.
When governments need to move quickly and cut across organisational boundaries, they often appoint a czar to take charge of a particular program and see it through to implementation or execution.
The challenge, however, is that in many organisations responsibility for networking and security lives in different parts of the organisation, and these groups often rely on different vendors in their respective areas. Breaking down the silos between security and networking teams, and choosing the tools, products, and vendors that align with the desired business outcomes, is critical to implementing zero trust in larger enterprises.
Some of the biggest highlights from 2022 include:
- Google was the #1 most popular service of the year according to Cloudflare data. The search giant beat out Facebook (#2), Apple and TikTok (tied at #3), and YouTube (#5).
- Facebook was the most popular social media service of 2022, followed by TikTok in the #2 position. Instagram (#3) overtook Twitter (#4) in the Social Media category: the photo and video sharing app knocked Twitter from 3rd place in August.
- Worldwide Internet traffic surged in late November as the FIFA World Cup got under way and holiday shoppers made Black Friday the busiest day online in 2022.
- In 2022, more phishing emails originated from the United States than the next 22 countries combined.
- Iran shut down the Internet more than any other country with 60 observed Internet blackouts this year, accounting for one third of all Internet shutdowns that Cloudflare analysed.
Cloud will carry compliance
Companies must now understand and comply with a growing patchwork of data-residency and privacy regulations as they do business globally. How can organisations hope to stay current and build compliance into their applications and IT systems?
The majority of cloud services will soon come with compliance features built in. The cloud itself should take the compliance burden off companies. Developers shouldn't be required to know exactly how and where their data can be legally stored or processed. The burden of compliance should largely be handled by the cloud services and tools developers are building with.
Networking services should route traffic efficiently and securely while complying with all data sovereignty laws. Storage services should inherently comply with data residency regulations. And processing should adhere to relevant data localisation standards.
Death of the password
Username and password authentication, even when combined with common forms of multi-factor authentication such as one-time codes or push approvals, is just not enough anymore: those factors can still be phished or relayed. Enterprises can enable stronger, phishing-resistant FIDO2-compliant security keys along with zero trust access today.
But the best way to protect most users and their credentials may be to remove the burden on the end user altogether. The FIDO Alliance envisions passwordless sign-in everywhere. Logins will use a device unlock such as your face or fingerprint instead of the old username-password combo. A FIDO sign-in credential, sometimes called a passkey, will make it easier on users and harder on the attackers.
If there is no password to steal, attackers will not be able to harvest credentials to carry out their attacks: a passkey's private key never leaves the user's device, and the signature it produces is bound to the site's origin, so a lookalike phishing page cannot replay it against the real site. Many websites and applications will adopt passwordless login using the FIDO Alliance passkey standard beginning in 2023.
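The origin binding is what makes a passkey login hard to phish, and it is enforced on the server, not just by the browser. The following is an added example written for this page (it is not Cloudflare's or the FIDO Alliance's code) showing the relying-party checks a server runs on a WebAuthn assertion: challenge match, origin match, RP ID hash, user-presence flag, signature counter, and the ES256 signature over authenticatorData || SHA-256(clientDataJSON). The type and function names (Credential, VerifyAssertion, SimulatedAuthenticator, Register, Sign) are this example's own, the authenticator is a constructed stand-in rather than a real FIDO2 device, and the challenge and origins are sample values.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Credential is the relying party's (RP) record of one registered passkey: the RP ID the key is
// scoped to, the P-256 public key, and the last signature counter seen (a stalled counter hints at a clone).
type Credential struct{ RPID string; PublicKey *ecdsa.PublicKey; Counter uint32 }
// clientData is the part of WebAuthn clientDataJSON the RP must check. The browser, not the
// web page, fills in Origin, which is what stops a phishing site from relaying a login.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}
// Assertion is what navigator.credentials.get() returns. AuthenticatorData is
// rpIdHash(32) | flags(1) | signCount(4); Signature is ES256 over authData || SHA-256(clientDataJSON).
type Assertion struct{ AuthenticatorData, ClientDataJSON, Signature []byte }

func signedMessage(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	m := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return m[:]
}

// VerifyAssertion performs the RP-side checks of a WebAuthn authentication ceremony.
func VerifyAssertion(cred *Credential, a Assertion, challenge []byte, origin string) error {
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return fmt.Errorf("clientDataJSON: %w", err)
	}
	if len(a.AuthenticatorData) < 37 {
		return errors.New("authenticatorData too short")
	}
	rpIDHash := sha256.Sum256([]byte(cred.RPID))
	count := binary.BigEndian.Uint32(a.AuthenticatorData[33:37])
	checks := []struct{ failed bool; msg string }{
		{cd.Type != "webauthn.get", "wrong ceremony type"},
		{cd.Challenge != base64.RawURLEncoding.EncodeToString(challenge), "challenge mismatch: not the one we issued"},
		{cd.Origin != origin, "origin mismatch: assertion was produced on another site"},
		{!bytes.Equal(a.AuthenticatorData[:32], rpIDHash[:]), "rpIdHash mismatch: key is scoped to a different RP"},
		{a.AuthenticatorData[32]&0x01 == 0, "user presence (UP) flag not set"},
		// Both zero means the authenticator has no counter; otherwise it must strictly increase.
		{!(count == 0 && cred.Counter == 0) && count <= cred.Counter, "signature counter did not increase: replay or clone"},
		{!ecdsa.VerifyASN1(cred.PublicKey, signedMessage(a.AuthenticatorData, a.ClientDataJSON), a.Signature), "invalid signature"},
	}
	for _, c := range checks { if c.failed { return errors.New(c.msg) } }
	cred.Counter = count
	return nil
}

// SimulatedAuthenticator stands in for a platform authenticator; it is constructed for this demo.
type SimulatedAuthenticator struct {
	priv  *ecdsa.PrivateKey
	count uint32
}

// Register mimics the registration ceremony: a fresh key pair, of which the RP keeps the public half.
func Register(rpID string) (*SimulatedAuthenticator, *Credential, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &SimulatedAuthenticator{priv: priv}, &Credential{RPID: rpID, PublicKey: &priv.PublicKey}, nil
}

// Sign mimics browser plus authenticator: the browser stamps the page's true origin into
// clientDataJSON and the authenticator signs over it, so a lookalike site cannot forge a login.
func (s *SimulatedAuthenticator) Sign(rpID, origin string, challenge []byte) (Assertion, error) {
	s.count++
	authData := make([]byte, 37)
	h := sha256.Sum256([]byte(rpID))
	copy(authData, h[:])
	authData[32] = 0x05 // flags: user present (UP) | user verified (UV)
	binary.BigEndian.PutUint32(authData[33:], s.count)
	cdJSON, _ := json.Marshal(clientData{Type: "webauthn.get",
		Challenge: base64.RawURLEncoding.EncodeToString(challenge), Origin: origin})
	sig, err := ecdsa.SignASN1(rand.Reader, s.priv, signedMessage(authData, cdJSON))
	return Assertion{AuthenticatorData: authData, ClientDataJSON: cdJSON, Signature: sig}, err
}

func main() {
	auth, cred, _ := Register("example.com")
	chal := []byte("constructed-challenge") // production: fresh random bytes per ceremony
	a, _ := auth.Sign("example.com", "https://example.com", chal)
	fmt.Println("genuine login: ", VerifyAssertion(cred, a, chal, "https://example.com"))
	fmt.Println("replayed login:", VerifyAssertion(cred, a, chal, "https://example.com"))
	p, _ := auth.Sign("example.com", "https://examp1e.com", chal) // phishing page relays the challenge
	fmt.Println("phished login: ", VerifyAssertion(cred, p, chal, "https://example.com"))
}
```

Running it shows the genuine login passing, the replayed assertion rejected on the signature counter, and the relayed assertion from the lookalike origin rejected on the origin check before the signature is even examined. In a real browser the lookalike page could not even request the RP ID "example.com" (the RP ID must match the page's registrable domain), so the origin check here is defence in depth; the server must still perform it, because the clientDataJSON is the only place the true origin is recorded.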
Remote browsers
Browser Isolation is a clever piece of technology that provides security through isolation: untrusted web content is rendered in an environment separate from the user's endpoint device, so an exploit triggered by a malicious page runs in that disposable environment rather than on the device or the enterprise network. Remote browser isolation takes this a step further by moving the browser to a remote service in the cloud, with only a safe rendering of the page sent back to the endpoint. Cloud-based remote browsing isolates the end-user device from the enterprise's network while fully enabling IT control and compliance solutions.
Some say that in this remote browsing model the browser is the device. Instead of BYOD, it might be appropriate to call this BYOB, or Bring Your Own Browser. Most companies are looking to better balance the security and privacy needs of the company with the user experience and convenience for employees. Remote browser isolation will be embraced broadly as IT leaders become more aware of the benefit and of just how well it works.
Chief Zero Trust Officer
As pressure to implement zero trust intensifies, a role analogous to a Chief Zero Trust Officer will emerge within some large organisations. This person will be the zero-trust czar for the enterprise and will be the individual responsible for driving a company on its zero-trust journey. Their job will be to bring together siloed organisations and vendors and ensure that all teams and departments are aligned and working toward the same goal.
If resistance is encountered, the zero-trust czar should have the backing of senior leadership (CIO, CISO, CEO, Board of Directors) to make decisions quickly and cut across organisational boundaries to keep the process moving ahead. Whether the very bold title of Chief Zero Trust Officer becomes reality or not, an empowered individual with a clear mandate and a singular focus may just be the key to getting zero trust across the finish line in 2023.