The CF List: 20 Top Zero Trust Security Providers You Should KnowThe CF List: 20 Top Zero Trust Security Providers You Should Know
Zero trust is increasingly in demand as ransomware and other attacks escalate.
July 14, 2021
With hackers launching increasingly stealthy attacks, zero-trust security is a red-hot topic in the channel.
Cybersecurity experts are illustrating the benefits of zero trust at just about every security conference. In addition, they’re saying it’s a competitive advantage. If you don’t have it, you’re giving hackers an open invitation to attack.
Our latest CF List focuses on zero-trust security. Analysts with Omdia, S&P Global Market Intelligence, Forrester and Frost & Sullivan weighed in on zero-trust security market trends and what it takes to be a successful provider.
Philosophy or Strategy
Garrett Bekker is a senior research analyst with S&P Global Market Intelligence’s 451 Research. For him, zero trust is more of a philosophy or strategy than an actual product or technology.
S&P Global Market Intelligence’s Garrett Bekker
“For me, zero trust at its core is a way of approaching security where access to resources is predicated on your identity, or the identity of a thing or system, or app, than on what network or network segment you are on,” he said. “In other words, access is based more on who than where. It also means a larger role for the principle of least privilege — [it] only grants users access to what they explicitly need to do their jobs, and nothing more.”
Zero trust is increasingly conflated/confused with zero trust network access (ZTNA), Bekker said. That’s a specific technology designed to provide remote access to apps/resources as an alternative to a VPN.
“ZTNA is very similar to software-defined perimeter (SDP),” he said. “But SDP seems to be fading from use in favor of ZTNA.”
The Dinner Scenario
Rik Turner, principal analyst at Omdia, gave the following description of zero trust security. (Omdia and Channel Futures share a parent company, Informa.)
Omdia’s Rik Turner
“In the traditional system, if you invite someone to your house for dinner, you let them in when they knock at the door, usher them into the lounge and offer them a cocktail, then maybe you pop to the kitchen to see how the food’s doing, leaving them alone in the lounge,” he said. “At that point, they have the run of the house, and can root around in your cupboards, move to other rooms and investigate the wall safe you have behind that Picasso in your bedroom. You just trust they won’t. With zero trust, you let them into the lounge and serve their margarita, but when you go the kitchen they are locked in the lounge, the cupboards and drawers are all padlocked, and you can watch what they do in the lounge on CCTV.”
Steve Turner, risk and security analyst at Forrester, said the “way we’ve been doing security hasn’t been working.”
Forrester’s Steve Turner
“Instead of using a sledgehammer to eradicate a threat while destroying the parts you needed or disrupting business, zero trust allows us to use a variety of different control planes to surgically limit or eradicate a threat,” he said. “The enemy of most organizations have been attackers breaking into an asset whether that be an employee’s computer, server, or even IoT devices such as security cameras, printers, etc., and being able to laterally move within an organization. Following the principles of zero trust, attackers that try to move laterally can’t because zero-trust architecture includes the concept of segmentation where assets can’t talk to each other by default.”
Zero Trust Security Not Standalone Technology
Tony Massimini is senior industry analyst for information and network security at Frost & Sullivan. He doesn’t see zero trust as a standalone technology. It’s more of a security concept than a standalone technology in and of itself. It’s incorporated in a lot of solutions that have to work together in an integrated fashion.
“It’s becoming more of a standard feature for a lot of companies,” he said. “But you’re not going to just say give me your zero-trust solution; it’s incorporated into a security stack.”
We’ve compiled a list, in alphabetical order, of 20 top zero-trust security providers. It’s based on analysts’ feedback and recent news reports. The list includes a mix of well-known providers as well as lesser-known ones making strides in zero trust. This is by no means a complete list, and many market themselves as both zero trust, ZTNA or secure access service edge (SASE).
Scroll through our slideshow above to see who made the list.
About the Author(s)
You May Also Like