Chase Cunningham, January 7, 2021
Q&A with Dr. Zero Trust, Chase Cunningham
We recently asked a few questions to Dr. Chase Cunningham, the leading authority on Zero Trust strategy. Hear what Dr. Zero Trust had to say based on his extensive research and discussions with practitioners. You can hear more from Chase through this on-demand webinar: Secrets to Achieving Zero Trust in 2021
- Most organizations have lots of sunk costs in old technology. How can a Zero Trust initiative co-exist within this infrastructure even as the organization begins to transition away from it?
In 2020, we all had to respond and adapt to the change that COVID, and an all-remote workforce mandate, brought in order to survive. The primary point of that transition was to move to a more secure yet connected enterprise. Luckily, most businesses were able to move quickly and adapt to that issue, but it wasn’t easy. Forrester predicted in January 2020 that Zero Trust would be the new global strategy that would take hold, and COVID helped to cement that. But the part of that transition that was so pivotal in the early days of the transition was the move from legacy VPNs and networking to Software-Defined Perimeter (SDP). This happened because that old approach simply couldn’t keep up and SDP provided more dynamism and flexibility. While everyone is moving to ZT, the use of SDP to help upscale and optimize ZT infrastructures should live “with” the migration away from old approaches to legacy networking and connectivity. Strategy dictates that we move to ZT and use SDP, and that can happen in conjunction with a migration from VPNs. It does not have to happen in a vacuum, totally removed from a legacy network approach.
- How should InfoSec leaders talk about the business value of Zero Trust to internal stakeholders to get buy in?
In truth, they have already tried “expense in depth”. And it has proven to be a resource and time suck. This is not an issue of them “not trying,” it is an issue of a lack of strategic technology alignment to solve the reality of the problems we face in cyber security. Business values and benefits grow when strategy and technology are in sync. Zero Trust strategically aligns the dueling swords of security technology and business operations and makes them march in lock step towards a mutually beneficial future state.
- Organizations that embrace Zero Trust are increasingly moving to create a VPN-less user experience. What advice do you have for InfoSec teams embarking on a VPN replacement initiative?
VPNs are antiquated, and while they may have some value for an immediate “fix”, they need to go away. They are vulnerability aggregators and are a prime target for exploitation. Moving away from them empowers users and makes security more digestible for everyone while simultaneously improving command and control of the security infrastructure.
- COVID-19 led to mass remote workforce initiatives during 2020 and highlighted the limitations of old technology, like VPNs. What are some lessons learned that InfoSec leaders can use to accelerate their journey to Zero Trust?
We will continue to operate in some manner of the current situation. We will be more remote, more geographically dispersed and more BYOD. Doesn’t it make sense to leverage that move and the investments made to enable this blip in time as part of a long-term, business-focused security modification? Solutions that align and enable this current situation are going to be better positioned to enable the future return to work and will ultimately benefit the operational side of the business by making security part of the user experience and a competitive capability for those that employ those technologies strategically.
- What is the most common roadblock organizations encounter when implementing a Zero Trust strategy and how can they overcome it?
Most often it is a lack of leadership. The technologies are readily available, but it is having that motivated, dedicated, focused leader that can drive the initiative forward while being diplomatic enough to engage stakeholders that is lacking. Every business leader should lead with strategy first. Zero Trust is the strategy that security leaders should be espousing and aligning to in order to be the guide point for the evolution of the security capabilities of the business.
Additional Zero Trust Resources
2020 Forrester ZTX Wave
Forrester scored Zero Trust vendors on a 19-criterion evaluation and named Appgate a Wave Leader. Get a complimentary copy of the report to learn where Appgate scored highest.
Zero Trust Network Access Demo
Dr. Cunningham uses Appgate SDP to demonstrate Zero Trust for remote access.
Zero Trust Video Series, ft. Forrester
In this podcast series, listen to Appgate and special guest Dr. Chase Cunningham, VP and Principal Analyst at Forrester Research, discuss practical ways to achieve immediate and long-term gains toward Zero Trust.