In a rush to digitally transform, enterprises are embracing mobile, smart devices, machine learning, and new, more agile methods of application development, deployment, and management. Never have companies faced so much technological change.
The transformation isn’t just about new mobile apps and intelligent new features, however. The changes run deep into the enterprise’s core with emerging cloud platforms and microservice architectures working with more static legacy systems. “This creates a lot of challenges when it comes to managing systems across the enterprise, especially when it comes to security and access management,” says Scott Crawford, information security research head at 451 Research, a part of S&P Global Market Intelligence. How can organizations make certain that systems and people can only access the right systems and data?
There’s no easy answer. With the increased interconnectivity and dynamic nature of computing across disparate cloud platforms, and cloud services, microservices, and software components, how enterprises decide whether they can trust users or systems to connect to any given resource at any given time has grown markedly complex. How can a user be trusted when attempting to perform an action? And with increased automation, how can a server, workload, or software component be trusted to connect between cloud systems and legacy on-premises systems?
More enterprises are turning to zero trust. Zero trust is a philosophical approach to identity and access management, establishing that no user or software action is trusted by default. In other words, authenticate everything. Zero trust demands that all users, devices, and application instances must prove they are who or what they purport to be and that they are authorized to access the resources they seek.
Enterprises are investing in the tools and services that enable zero trust. According to MarketsandMarkets, the zero-trust market will reach nearly $39 billion by 2024, up from roughly $16 billion in 2019—an annual growth rate of 20%.
In modern multicloud and microservice environments, traditional means of authenticating once and trusting indefinitely don’t hold up. At any moment, new workloads and software services can call upon any resource to perform some task. “In non-zero-trust environments, once a user or device was inside, connectivity between resources was trusted,” says Colin I’Anson, a Hewlett Packard Enterprise fellow. “Now, with zero trust, we’re not willing to do that. We want to authenticate in real time and to a much more granular level, and to access, any workload or functionality entities have to prove who they are.”
How is zero trust achieved? Enterprises must authenticate users, workloads, and data and continuously monitor that access for anomalies.
That’s easier written than done in modern enterprises with dynamic and hybrid architectures. A critical step in achieving zero trust among users and systems is to standardize and automate the zero-trust authentication processes whenever possible. This is something that is especially suited for cloud-native environments.