What are real organisations doing with zero trust?

Reg Reader Survey: Like many concepts in cyber-security, Zero Trust (hereafter “ZT”) has come to prominence recently. The concept is reckoned to have first been used in the mid-1990s, though it came to prominence around 2010 and has really started to take off in the past three years or so.

But when we say “take off”, we don’t really mean it’s become ubiquitous, or the default approach to security used by the majority of companies. No, we really mean that lots of people have started to talk about it and seriously contemplate using it … but not necessarily to put those words and thoughts into action.

One analysis says the market for ZT in 2019 was around $18.5bn, with rapid growth predicted to a forecast $66.7bn by 2027. Another reckons it’ll grow slightly less quickly, to $59.4bn by 2028. Big numbers, and not all that far apart.

But what are real organisations doing with ZT? Is it still just a topic for discussion rather than action? Do we really understand what ZT is, and do we have the right skills and tools to implement it?

Realistically we probably do, at least to a reasonable extent, because many concepts of ZT are really just no-brainer cyber fundamentals – for example the National Cyber Security Council’s ZT guidelines include stuff like “use policies to authorise requests,” “don’t trust any network, including your own,” and “authenticate and authorise everywhere.” But to be fair, there’s more to ZT than the basic stuff we’re all doing: like anything, you have to start with the obvious foundations and then build less established concepts on top of them.

If the ZT market is already around the $20bn mark, though, is this reflected in the real world that is the UK IT and cyber market in general and the large proportion of it that reads The Reg in particular? What do you think?

Our survey takes three key steps, beginning with what you all know about it. Have you even heard of it at all? If so, can you merely nod sagely and look interested when someone mentions it in the pub, or are you a proper ZT geek with knowledge deeper than a Redd Pepper voiceover?

If you’ve heard of it, are you doing anything with it? Do you and your systems owe their entire existence to a trust-free approach, or at the other end of the spectrum have you taken an active decision that it’s all a load of hype (or stuff you’re doing anyway) and decided not to bother? And then, finally, how’s your knowledge of the market? Have you glanced at a vendor or two, or are you fully conversant in what you can buy, from whom, in the field of Zero Trust?

Do please take a few moments to tell us what you know and think about Zero Trust. There are only five questions – which is a stonking 45 fewer than Jay’s Virtual Pub Quiz, and it’s even multiple-choice – so it should take you no time at all. Once you’ve all told us what you think we’ll collate the answers and summarise what you’ve said. ®

