Skip to main content
Enterprise Computing Solutions
Enterprise Computing Solutions
Arrow Electronics, Inc.
  1. Home
  2. Resources: Channel Advisor
  3. Resources
  4. Why the zero-trust security movement is gaining ground
Ice_Covered_Ground_Closeup
Article

Why the zero-trust security movement is gaining ground

October 19, 2021 | Robert Neal

Traditional network security controls no longer cut it

To build better relationships and ensure business is moving forward, trust is a must. However, at a time when security incidents and breaches remain high, businesses are increasingly implementing zero-trust security. More than just a buzz phrase, zero trust has become prevalent in modern-day businesses, particularly as the edge is extending with more employees than ever working outside their company’s four walls. 

Consider the changing business environment. Employees bring their own devices to the job and/or are working remotely. Data is increasingly shared with people outside the corporate network, such as vendors and other collaborators. Cloud applications have also extended the network. 

As data moves its way through various devices, apps and endpoints, organisations must extend their control to wherever their data resides. Companies should trust no one — enter zero trust — without proper identification and authentication. 

Let’s explore the history of the movement and reasons to consider going all in on zero trust, also sometimes referred to as perimeter-less security. 

Out with old security measures, in with the new 

Traditional network security is built around the castle-and-moat concept in which those inside the castle walls are trusted by default, while those outside the moat — or network — face difficulties obtaining access. It sounds good in theory; however, when a potential attacker gains network access, they can now do whatever they want. This concept no longer works, particularly since security breaches are often caused by insiders, accidentally or not. 

In 2010, Forrester research analyst John Kindervag came up with the term “zero trust,” citing that companies must verify anyone and everything that tries connecting to a network before accessing it. Regardless of whether they are already inside the “castle.” 

Since that time, as data permeates across various cloud vendors and with so many people working remotely, the zero-trust concept continues to gain traction. In fact, Cybersecurity Insiders’ Zero Trust Adoption Report reveals 78% of IT security teams are considering adopting a zero-trust network access model. 

Unpacking what zero-trust security is 

Zero-trust security is an ongoing verification process that occurs whenever a user/device tries to gain access or connect to a business’ network. By analysing several pieces of information to confirm a potential user’s identity before granting network access, this trust-nobody approach enables companies to better defend against leading causes of cyber-attacks and other breaches. Think user impersonation, stolen credentials, password recycling, data breaches and opening rogue emails or texts, for instance. 

 

According to a Gartner analyst, “Zero trust is a way of thinking, not a specific technology or architecture. It’s really about zero implicit trust, as that’s what we want to get rid of.” 

Steps for building a zero-trust network 

The zero-trust concept was developed to undertake current and future security threats and assumes that no person, device or service should be trusted, whether inside or outside the network. It doesn’t care who the users are or what titles they hold. 

Rather, it assumes the network is hostile, with internal and external network threats prevalent at all times. And that every device, user and network flow must be authenticated and authorised. 

Steps IT security teams should take in building such a network include: 

  • Identifying who is trying to connect to a network and with what device. 
  • Creating controls for application, file and service access and providing secure access to their locations. 
  • Arranging tools to monitor the network and device behaviour, 24/7/365. 
  • Evaluating in-office and remote access to ensure ongoing security and authentication, such as using multi-factor or biometric authentication. 

Is zero trust right for you and your customers? 

Adopting a zero-trust security model might sound complex or something that could be outside IT solution and service providers’ parameters. However, Arrow has more than two decades of experience in security and helping providers like you bolster your and your customers’ security needs. 

Arrow can help you figure out which cyber security vendor can best meet your customers’ security needs and whether a zero-trust model is the best bet. Contact us to learn more. 

Meet the author

Robert Neal, Head of Cybersecurity Alliances, EMEA

Robert Neal

Head of Cyber Security Alliances EMEA

Robert Neal has 25 years of experience in the IT industry, specialising in cybersecurity and network infrastructure. Robert spent 18 years with Juniper Networks managing channel partners and distributors, and more recently served as sales director for the UK developing strategic relationships across government and large enterprise customers. He leads Arrow’s EMEA Cybersecurity Alliance team with a focus on security solutions, data integrity and compliance. Robert has worked with distributors, vendors and resellers and has a deep understanding of the IT channel.

Blockchain_Cyberattack
Managing the unmanaged: Reconsidering your security posture

Explore how to cope with today's wide variety of security issues.

Managing the unmanaged: Reconsidering security posture in a new normal
A man driving a car in the night city
Artificial intelligence: A double-edged sword for security

AI is being deployed to ensure the security of systems, but it can threaten enterprises and be manipulated for unauthorized purposes.

Artificial intelligence: A double-edged sword for security