DEV Community

Cover image for Making Sense of the Zero Trust Cybersecurity Product Space
Mike P
Mike P

Posted on • Edited on

Making Sense of the Zero Trust Cybersecurity Product Space

Alt Text

This is the inaugural post for the Cybersecurity Market Insights newsletter!

A popular topic as of late, Zero Trust, can mean many different things to many different people. Let’s break this down further and understand both sides of the market.

Terms You Might Also Hear

  • Microsegmentation
  • Zero Trust Security
  • Zero Trust Architecture
  • Zero Trust Network
  • Zero Trust Network Access
  • Zero Trust Principles
  • Zero Trust Execution
  • Secure Access Service Edge (SASE pronounced “sassy”)
  • Application Perimeter
  • Cloud Workload Protection

Problem Statement

  • Traditional company networks are built like an M&M - hard shell on the outside, smooth on the inside. Networks have a firewall perimeter for security to keep bad guys out, but fewer security controls inside the network.
  • Everyone inside is “trusted” by default. If an attacker breaches the network in this model, they can easily exploit other systems and steal data because of fewer restrictions.
  • With companies doing more with mobile and cloud services via Digital Transformation, the concept of a perimeter you can protect yourself disappears and trust becomes even more important.

Market Solution

  • Enter Zero Trust. “Zero trust” means that no one “entity” is trusted by default from inside or outside the network.
  • It’s an alternative network and application design with a security model that isolates computer networks, systems, and users from one another.
  • No users, no systems, no applications, and no workloads are to be trusted, internally or externally, to the business environment.
  • Isolation stops bad guys who get at one system or one piece of sensitive data from getting at others because all systems and resources are locked down by default.

Players in the Space

Product Space Predictions

  • Cybersecurity professionals will continue to push for zero trust principles. This will, in turn, drive demand up for professionals with experience in this space. Where there is a demand for professionals in a specific discipline, product companies will follow quickly behind to either enhance or subvert the talent needed.
  • Digital Transformation initiatives at companies are changing cybersecurity landscapes and associated threats and are creating more desire for zero trust solutions.
  • High tech companies like Google, Netflix, etc., will implement versions of zero trust principles that the product industry will mimic.
  • The cybersecurity product industry will set zero trust as a base expectation - experts and vendors alike will cite that future breaches can be avoided by implementing zero trust principles.
  • Regulators will catch on to zero trust and start asking questions. Soon they will cite deficiencies for not having zero trust principles implemented. Internal Audit teams will do the same.
  • Cybersecurity budgets at large companies will continue to surge and this will be a significant portion of spending.
  • Differentiation among product players will become more of a challenge.

“The only way to get to zero trust is to bury your computer in concrete”

-- Cybersecurity Executive at Top 5 US Bank

Challenges for Products Buyers

  • Zero Trust is Not Important Yet - Cybersecurity spending is dominated by regulatory and compliance drivers. Zero trust isn’t important to regulators yet.
  • Zero Trust is Really Hard - Zero trust is a high effort for very little visible reward. Implementations take a really long time and require deep knowledge of how applications and infrastructure integrates into upstream and downstream systems. Technical Debt only makes this worse.
  • Zero Trust Requires Homework - Zero trust requires a company to know much more about their IT applications that most companies ever do.

How Players Will Be Successful in this Market

  • Make zero trust implementation less complex.
  • Products that create an easy-path to implement “zero trust principles” onto existing technology stacks with limited management overhead will win.
  • Enable the zero trust way of operating. Offer complementary products that enable the zero trust principles or that ease the path into zero trust.

How Will Product Buyers Get What They Need?

  • Scale. Corporate buyers rarely have the financial latitude to buy the “best of” anything, so scale and interoperability matters. Use your limited capital to buy products in this space with the most integrations for your environment.
  • Plan for Now. Buy for what can work now on premises and in cloud-hosted environments.

References

Want More?

Looking for more insights and analysis? Check out the Pro version of this issue where you’ll find:

  • 11 Players (83% more)
  • 13 Predictions (86% more)
  • 5 Challenges (67% more)
  • 5 Product Space Opportunities (Pro Only Section 100% more)
  • 7 Insights on how Players can be successful (133% more)
  • 4 Tips on how Product Buyers can get what they need (100% more)
  • 8 References (60% more)

Before You Go

Did you enjoy this issue of Cybersecurity Market Insights? If so, consider sharing it on social media or telling some friends about it. Maybe something like this?

“Looking to learn about #cybersecurity in plain English and looking for product buying guidance? Check out the Cybersecurity Market Insights by Fraction Consulting newsletter!”

Be sure to also check out Fraction Consulting if you’re interested in deeper dive engagements, fractional CTO/CISO consulting, and guidance on an array of technology and cybersecurity efforts.

Top comments (0)