Numerous cybersecurity vendors have been mistakenly marketing their offerings as zero-trust systems, VentureBeat reports.
"We've seen this time and again. In reality, there are precious few ZT-specific technologies: zero-trust network access (ZTNA), microsegmentation and PIM/PAM [privileged identity management/privileged access management]. Many other techs, like identity and access management [IAM], network automation and endpoint encryption can be used in support of zero trust, but they arent ZT, by themselves. A good rule of thumb is that if the vendor didn't design the product to be ZT, it isn't," said Forrester Senior Analyst David Holmes.
Such misrepresentation of zero-trust should prompt the implementation of benchmarks, including the compatibility of human and machine IAM and PAM with the platform of the vendor, the support their zero-trust platform gives to ongoing cyber investments, vendors' support to a risk-based zero trust approach, platforms' and architectures' compliance to the NIST 800 standard, and the integration of zero trust in DevOps and systems development lifecycles, Holmes added.