Tamara PrazakJune 3, 2020
Why Partners Should Care about Zero Trust
Zero Trust is a security strategy organizations are adopting because legacy security practices and solutions have failed to keep pace with rapid changes in IT.
Why Should Partners Care?
- Revenue Opportunity: COVID19 has accelerated remote access transformation and the market is wide-open right now. According to a recent survey, nearly one-third of businesses are considering a Zero Trust network security model, while 19% are in the adoption phase and only 8% have already implemented it.
- Operational Efficiencies for Your Clients: Zero Trust is not just a security solution, but a way to do more with less, which all your clients are currently looking for. Zero Trust is an enabler for improved business operations. High throughput, the ability to scale rapidly and vast APIs allow business operations to run efficiently, automated and without security friction.
- If You Aren’t Talking to Your Clients About It, Someone else Is: Recent events have mandated business transformation to enable massive WFH deployments, and if you are not talking to your customers about Zero Trust, then someone else is. While this used to be considered a security conversation, this is no longer about security but instead network access.
What is Zero Trust?
The term Zero Trust was coined in 2010 by John Kindervag, who was a principal analyst at Forrester Research Inc. at that time. It’s become a relevant buzz word and a concept that all partners should be familiar with.
Zero Trust is a paradigm shift toward a never trust, extensively verify mindset. This is a dramatic departure from historical security models, like a traditional VPN, which trust first, verify second.
The Zero Trust concept has gained traction in recent years as businesses realize the old perimeter-based security model is broken and cannot be fixed with legacy solutions. We’re talking about VPN technology that is nearly 25 years old and a relic in the tech world. The recent events bought upon by COVID19 have further amplified the need for improved remote access.
Two Key Components of Zero Trust
Secure Access/Zero Trust Network Access
The traditional TCP/IP approach employed by VPN solutions was based on implicit trust: connect first, authenticate second. This was a bad practice to let someone in before knowing if they were truly a user who should be granted access. Software Defined-Perimeter (SDP) which is based on Zero Trust, has flipped the traditional TCP/IP model on its head and changed from the flawed implicit trust model to the more effective secure access model to authenticate first and connect second. Just as you would check first before letting someone into your house, in very simple terms that’s what SDP does for network access.
Least Privilege is about granting the least amount of access possible for an individual to perform their job. Thus, once secure access is permitted to a user, the scope of that trust will continue to be limited. Users and devices are permitted to access only approved resources while everything else remains invisible and inaccessible. An unauthorized user cannot see other resources and therefore cannot attack them. Using granular controls, you are reducing your attack surface, while also reducing an attacker’s ability to move laterally which minimizes insider threats.
Uncovering Sales Opportunities
If your client mentions Zero Trust, you’ve just uncovered a lead! If not, here’s an easy question partners can ask their clients to start the conversation: “Do you feel comfortable with the secure access of your work from home employees?”
Remember, you don’t have to be a security expert, by partnering with the Appgate team, you’ll have access to the industry’s leading SDP solution, seasoned solutions architects and experienced cybersecurity sales reps who will sell right alongside you.
For more information, please reach out to the Appgate channel team.
Note: This blog is only a high-level primer on Zero Trust. For a more in-depth look, check out our Zero Trust analyst resources.