Zero trust

Zero-trust misrepresentation by vendors evaluated

Numerous cybersecurity vendors have been mistakenly marketing their offerings as zero-trust systems, VentureBeat reports. "We've seen this time and again. In reality, there are precious few ZT-specific technologies: zero-trust network access (ZTNA), microsegmentation and PIM/PAM [privileged identity management/privileged access management]. Many other techs, like identity and access management [IAM], network automation and endpoint encryption can be used in support of zero trust, but they arent ZT, by themselves. A good rule of thumb is that if the vendor didn't design the product to be ZT, it isn't," said Forrester Senior Analyst David Holmes. Such misrepresentation of zero-trust should prompt the implementation of benchmarks, including the compatibility of human and machine IAM and PAM with the platform of the vendor, the support their zero-trust platform gives to ongoing cyber investments, vendors' support to a risk-based zero trust approach, platforms' and architectures' compliance to the NIST 800 standard, and the integration of zero trust in DevOps and systems development lifecycles, Holmes added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.