5 areas where zero trust can’t protect your organization

Adopting zero trust is no fail-safe against cyberattacks. Attackers are constantly finding new ways to get around zero trust, and this often happens because not everything within the organization environment was considered when employing zero trust. Among the overlooked risks are legacy systems, unmonitored IoT devices, or privileged access abuse.

Zero trust is a cybersecurity paradigm–a philosophy, really–in which every user, every device, every message is considered to be untrusted unless proven otherwise. It’s an alternative to the old perimeter-based approach, where things on the outside were untrusted, and things inside corporate networks were automatically considered trustworthy. In other words, enterprises had a hard shell and a soft, gooey center.

In an era where the perimeter is everywhere, where employees are as likely to be at home as at the office, where computing resources are spread among multiple data centers, clouds, and other third parties, the old approaches no longer work. Zero trust is the modern answer to this problem. And everyone is on board. According to an Okta survey of 700 companies released 2022, 55% of organizations already had a zero trust initiative in place–up from 24% in 2021–and 97% planned to have one in the coming 12 to 18 months.

Zero trust isn’t a cure-all. According to Gartner, through 2026, more than half of cyberattacks will be aimed at areas that zero trust doesn’t cover and can’t protect against. “There are two big issues with zero trust. One is scope, like legacy technology, or shadow IT. A second big issue is that there are attacks that bypass zero trust controls,” says Gartner analyst John Watts.

Read full article at CSO magazine.