Q&A with Dr. Zero Trust, Chase Cunningham

In 2020, we all had to respond and adapt to the change that COVID, and an all-remote workforce mandate, to survive. The primary point of that transition was to move to a more secure yet connected enterprise. Luckily, most businesses were able to move quickly and adapt to that issue, but it wasn’t easy. Forrester predicted in January 2020 that Zero Trust would be the new global strategy that would take hold, and COVID helped to cement that. But the part of that transition that was so pivotal in the early days of the transition was the move from legacy VPNs and networking to Software-Defined Perimeter (SDP). This happened because that old approach simply couldn’t keep up and SDP provided more dynamism and flexibility. While everyone is moving to ZT, the use of SDP to help upscale and optimize ZT infrastructures should live “with” the migration away from old approaches to legacy networking and connectivity. Strategy dictates that we move to ZT and use SDP, and that can happen in conjunction with a migration from VPNs. It does not have to happen in a vacuum, totally removed from a legacy network approach.

In truth, they have already tried “expense in depth”. And it has proven to be a resource and time suck. This is not an issue of them “no trying,” it is an issue of a lack of strategic technology alignment to solve the reality of the problems we face in cyber security. Business values and benefits grow when strategy and technology are in sync. Zero Trust strategically aligns the dueling swords of security technology and business operations and makes them march in lock step towards a mutually beneficial future state.

VPNS’ are antiquated and while they may have some value for an immediate “fix”, they need to go away. They are vulnerability aggregators and are a prime target for exploitation. Moving away from them empowers users and makes security more digestible for everyone while simultaneously improving command and control of the security infrastructure.

We will continue to operate in some manner of the current situation. We will be more remote, more geographically dispersed and more BYOD. Doesn’t it make sense to leverage that move and the investments made to enable this blip in time as part of a long-term business focused security modification? Using solutions that align and enable this current situation are going to be better positioned to enable the future return to work and will ultimately benefit the operational side of the business by making security part of the user experience and a competitive capability for those that employ those technologies strategically.

Most often it is a lack of leadership. The technologies are readily available, but it is having that motivated, dedicated, focused leader that can drive the initiative forward while being diplomatic enough to engage stakeholders that is lacking. Every business leader should lead with strategy first. Zero Trust is the strategy that security leaders should be espousing and aligning to in order to be the guide point for the evolution of the security capabilities of the business.