Zero trust is increasingly in demand as ransomware and other attacks escalate.

Edward Gately, Senior News Editor

July 14, 2021

20 Slides

With hackers launching increasingly stealthy attacks, zero-trust security is a red-hot topic in the channel.

Cybersecurity experts are illustrating the benefits of zero trust at just about every security conference. In addition, they’re saying it’s a competitive advantage. If you don’t have it, you’re giving hackers an open invitation to attack.

Our latest CF List focuses on zero-trust security. Analysts with Omdia, S&P Global Market Intelligence, Forrester and Frost & Sullivan weighed in on zero-trust security market trends and what it takes to be a successful provider.

Philosophy or Strategy

Garrett Bekker is a senior research analyst with S&P Global Market Intelligence’s 451 Research. For him, zero trust is more of a philosophy or strategy than an actual product or technology.

Bekker-Garrett_SP-Global-Market-Intelligence.jpg

S&P Global Market Intelligence’s Garrett Bekker

“For me, zero trust at its core is a way of approaching security where access to resources is predicated on your identity, or the identity of a thing or system, or app, than on what network or network segment you are on,” he said. “In other words, access is based more on who than where. It also means a larger role for the principle of least privilege — [it] only grants users access to what they explicitly need to do their jobs, and nothing more.”

Zero trust is increasingly conflated/confused with zero trust network access (ZTNA), Bekker said. That’s a specific technology designed to provide remote access to apps/resources as an alternative to a VPN.

“ZTNA is very similar to software-defined perimeter (SDP),” he said. “But SDP seems to be fading from use in favor of ZTNA.”

The Dinner Scenario

Rik Turner, principal analyst at Omdia, gave the following description of zero trust security. (Omdia and Channel Futures share a parent company, Informa.)

Turner-Rik_Ovum.jpg

Omdia’s Rik Turner

“In the traditional system, if you invite someone to your house for dinner, you let them in when they knock at the door, usher them into the lounge and offer them a cocktail, then maybe you pop to the kitchen to see how the food’s doing, leaving them alone in the lounge,” he said. “At that point, they have the run of the house, and can root around in your cupboards, move to other rooms and investigate the wall safe you have behind that Picasso in your bedroom. You just trust they won’t. With zero trust, you let them into the lounge and serve their margarita, but when you go the kitchen they are locked in the lounge, the cupboards and drawers are all padlocked, and you can watch what they do in the lounge on CCTV.”

Steve Turner, risk and security analyst at Forrester, said the “way we’ve been doing security hasn’t been working.”

Turner-Steve_Forrester-1.jpg

Forrester’s Steve Turner

“Instead of using a sledgehammer to eradicate a threat while destroying the parts you needed or disrupting business, zero trust allows us to use a variety of different control planes to surgically limit or eradicate a threat,” he said. “The enemy of most organizations have been attackers breaking into an asset whether that be an employee’s computer, server, or even IoT devices such as security cameras, printers, etc., and being able to laterally move within an organization. Following the principles of zero trust, attackers that try to move laterally can’t because zero-trust architecture includes the concept of segmentation where assets can’t talk to each other by default.”

Zero Trust Security Not Standalone Technology

Tony Massimini is senior industry analyst for information and network security at Frost & Sullivan. He doesn’t see zero trust as a standalone technology. It’s more of a security concept than a standalone technology in and of itself. It’s incorporated in a lot of solutions that have to work together in an integrated fashion.

“It’s becoming more of a standard feature for a lot of companies,” he said. “But you’re not going to just say give me your zero-trust solution; it’s incorporated into a security stack.”

We’ve compiled a list, in alphabetical order, of 20 top zero-trust security providers. It’s based on analysts’ feedback and recent news reports. The list includes a mix of well-known providers as well as lesser-known ones making strides in zero trust. This is by no means a complete list, and many market themselves as both zero trust, ZTNA or secure access service edge (SASE).

Scroll through our slideshow above to see who made the list.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPsVARs/SIs

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like