2020 showed that organizations everywhere are under attack more than ever before. The first half of the year alone saw more attacks than all of 2019 combined – and there is no sign that will slow down in 2021.
With trends like work from anywhere, supply chain vulnerabilities and billions of newly connected IoT and OT devices, traditional perimeter security is no longer enough to defend against this rising tide of threats. Instead, we need to start from the philosophy that all assets, including users, devices, application, workloads and data, are inherently risky and secure them as such – also known as Zero Trust.
While most security leaders say they are already leveraging at least some Zero Trust principles, many more still have a long way to go. With the below trends in mind, organizations should consider what steps they can take to mature their organization’s approach to Zero Trust, if they have not already:
Volume and Diversity of Devices
Networks today are being overwhelmed by the sheer volume and diversity of devices. Between BYOD and guest endpoints, IoT devices and operational technology (OT) systems, there are literally billions of devices connecting every year to enterprise networks around the world. In total, Gartner predicts there will be 25 billion devices connected around the world by the end of 2021, many of which will be reconnecting to the office after an extended absence during work from home.
Many of these devices are considered to be un-agentable, meaning the tools security teams used to use to secure them no longer apply. Enter Zero Trust. With the right Zero Trust tools, security leaders can easily ensure they have full visibility into this new device landscape, implement network controls and dynamically segment and isolate all managed, unmanaged and IoT devices.
Supply Chain Vulnerabilities
In 2020, we saw a number of incidents that showed the vulnerability of our technology supply chain. Attacks on companies like SolarWinds highlighted the significant risk created by any piece of software welcomed into your environment. What’s more, disclosures like Ripple20 and AMNESIA:33 showed that the very foundational components of millions of connected devices are vulnerable.
The lesson? Nothing – not even the software or devices you thought were most secure – can be trusted. By implementing least-privilege principles and segmentation, Zero Trust helps better secure your environment against these vulnerabilities and limits the blast radius of any successful attacks.
Work from Anywhere
The rapid shift to remote work due to the pandemic forced companies around the world to accelerate their digital transformation efforts. Today’s enterprises increasingly rely on cloud-based services and other technologies that live outside of the traditional network perimeter. On top of that, devices that were once kept inside of the corporate office are now connecting from the home office or kitchen table.
However, this is more than just a short-term shift as an increasingly number of companies are considering making the transition to remote work permanent. In this world, many devices may never even touch a corporate resource, even as they gain necessary access to critical assets and networks.
Perimeter security defenses that default to high trust levels on the internal network are ill-suited for this remote enterprise world. This is where Zero Trust comes in.
Zero Trust allows organizations to implement continuous assessment and enforcement against 100% of these remote devices connecting to their corporate networks and automate control implementation across heterogeneous networks.
Visit our page on Zero Trust to learn more about how Forescout can help your organization adapt to these market trends and implement the 100% device visibility and control needed for Zero Trust across your edgeless enterprise.