As 72% of organisations plan to implement Zero Trust capabilities in 2020 to mitigate growing cyber risk, nearly half (47%) of cyber security professionals lack confidence applying a Zero Trust model to their Secure Access architecture, according to the 2020 Zero Trust Progress Report released by Cybersecurity Insiders and Pulse Secure, globally renowned provider of software-defined Secure Access solutions.

2020 Zero Trust Progress report

The 2020 Zero Trust Progress report surveyed more than 400 cyber security decision makers to share how enterprises are implementing Zero Trust security in their organisation and reveal key drivers, adoption, technologies, investments and benefits. The report found that Zero Trust access is moving beyond concept to implementation in 2020, but there is a striking confidence divide among cybersecurity professionals in applying Zero Trust principles.

Cyberattacks and enormity of data breaches in 2019 has challenged the veracity of secure access defenses"

The sheer volume of cyberattacks and enormity of data breaches in 2019 has challenged the veracity of secure access defenses, even in well-funded organisations,” said Scott Gordon, chief marketing officer at Pulse Secure. “Zero Trust holds the promise of vastly enhanced usability, data protection and governance. However, there is a healthy degree of confusion among cyber security professionals about where and how to implement Zero Trust controls in hybrid IT environment – which is clearly reflected in respondents’ split confidence levels.

Data protection

Of the organisations building out Zero Trust capabilities in 2020, data protection, trust earned through entity verification, and continuous authentication and authorisation were cited as the most compelling tenets of Zero Trust.

The report also discovered nearly one-third of organisations (30%) are seeking to simplify secure access delivery, including enhancing user experience and optimising administration and provisioning. Additionally, 53% of respondents plan to move Zero Trust access capabilities to a hybrid IT deployment.

Vulnerable mobile and at-risk devices, BYOD and IoT trend

More than 40% of survey respondents expressed that vulnerable mobile and at-risk device, insecure partner access, cyber-attacks, over privileged employees, and shadow IT risks are top challenges to secure access to applications and resources.

Digital transformation is ushering in an increase in malware attacks, IoT exposures and data breaches, and this is because it’s easier to phish users on mobile devices and take advantage of poorly maintained Internet-connected devices. As a result, orchestrating endpoint visibility, authentication and security enforcement controls are paramount to achieve a Zero Trust posture,” said Gordon.

While 45% are concerned with public cloud application access security and 43% of respondents expressed Bring Your Own Device (BYOD) enablement issues, more than 70% of organisations are looking to advance their identity and access management capabilities.

Secure Access for Hybrid IT models

Secure Access starts with appropriate and well-maintained user provisioning but requires entity authentication"

Secure Access starts with appropriate and well-maintained user provisioning but requires entity authentication and compliance checks to invoke conditional access – regardless if a user is remote or on a corporate network, if the device is personal or corporate-owned, or if the application is internal or in the cloud,” said Gordon.

Workforce mobility and hybrid IT models have placed most workloads beyond the shelter of corporate networks and traditional perimeter defense – which creates significant user access and data concerns. The 2020 Zero Trust Progress Report revealed nearly a third of cybersecurity professionals expressed value in applying Zero Trust to address hybrid IT security issues.

Re-evaluating secure access infrastructure

Organisations at all stages of cloud adoption should re-evaluate their access security posture and data privacy requirements as they move applications and resources from on-premises to public and private cloud environments. Applying a Zero Trust model that aligns to hybrid IT migration can allow organizations to realise utility computing economies while creating a non-disruptive way to implement Zero Trust Network Access (ZTNA) functionality when, where and how they require,” said Gordon.

The report highlighted that a quarter of organisations seek to augment their current secure access infrastructure with Software Defined Perimeter (SDP) technology (aka Zero Trust Network Access - ZTNA). “Organisations interested in exploring ZTNA should seek a solution that works in parallel with a perimeter-based VPN to gain essential operational flexibility for enterprises and service providers supporting data center and multi-cloud environments,” said Gordon.

Hybrid IT deployment

Of the respondents considering SDP, a majority (53%) would require a hybrid IT deployment and quarter (25%) would adopt a SaaS (Software-as-a-Service) implementation.

Some organisations are hesitant to implement Zero Trust as SaaS because they might have legacy applications that will either delay, or prevent, cloud deployment. Others might have greater data protection obligations, where they are averse to having controls and other sensitive information leaving their premises, or they have a material investment in their datacenter infrastructure that meets their needs,” said Holger Schulze, founder and CEO of Cybersecurity Insiders.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

The importance of a secure perimeter in safeguarding our schools
The importance of a secure perimeter in safeguarding our schools

Schools play a key role in shaping our future. Following the reopening of classrooms up and down the country, young minds are returning to some normality. Once again they're being inspired, learning useful skills, and forging new interests to ensure our country's continued prosperity. Schools need a comprehensive security infrastructure to protect the children who attend them. Most notably, secure perimeters that keep unwanted people out, but also ensure visitors, parents, and students alike can access their shared community space without feeling segregated or unwelcome. Robust boundary fencing  However, although safety is often the primary concern of parents, with tighter budgetary constraints and funds prioritised to make schools COVID safe, it can be all too easy to let important perimeter replacement or improvement programmes slip. The purpose of boundary fencing is to restrict unauthorised entry and exit The purpose of boundary fencing is to restrict unauthorised entry and exit from school grounds, and should be specifically designed to be fit for purpose. Opting for fencing with a welded pale-through-rail construction and concealed anti-tamper connectors between  fence panels and posts delivers a robust boundary that's virtually impossible to break through. This style of fencing also gives a better finish with no visible joints or unsightly bolts. Attractive and practical solutions Unlike generic riveted palisade fencing, this solution is both attractive and practical, more so now that LPS 1175 SR1 certified and Secured by Design versions are available. The style of fencing should meet a school's desired security and safety requirements, simultaneously, it should not compromise on aesthetic considerations. As part of the public face of the school, it should be attractive as well as functional, helping overcome any concerns of creating a prison-like environment and promote a sense of well-being. It's recommended that perimeter fencing should be: a minimum of two metres high, vandal-resistant and sturdy, grounded on a hard surface, challenging to scale, and have an anti-climb topping, much the same as a high-security option. Access all areas Each educational site must consider the number of necessary entrances A perimeter fence requires secure access points and gates. Each educational site must consider the number of necessary entrances. These should be kept to a minimum, to make it easier to maintain control of visitor movement. However, in larger schools this is not always possible and additional entrances may be required to prevent potentially dangerous congestion at the start and end of the school day. Furthermore, separate gates must be installed for vehicles and pedestrians to ensure they are kept at a safe distance, and avoid unnecessary openings of large, double leaf gates. All access points should be locked during the day to keep students on-site and prevent intruders from gaining access to school grounds. Gates should ideally be matched in  design, height and construction to the fencing,  to prevent creating vulnerable areas and compromising security. Automatic vs manual While automatic gates offer more control, manual gates shouldn't be overlooked. Not only are they easier to install and usually cheaper than automated gates, but they also don't rely on power, so if your site's supply is cut off, they provide a hassle-free exit. Furthermore, gates that are only used at the start and end of the day can be easily locked manually by staff. However, automated gates do offer welcome flexibility, as they include access control devices such as remote controls, keypads and card readers, which will also increase the school's security. They're also robust and heavy, meaning it's incredibly difficult to force them open. Electric gates offer additional versatility with a choice of either full automation, or a hybrid of manned and automatic security, with staff able to allow visitors access via intercom or video system. Securing outdoor facilities It’s also essential to consider outdoor areas when it comes to specifying security options for educational environments. Specialist security fencing should be specified where recreational areas double up as the school’s boundary fencing. The security of the site's sports facilities will also need to be considered. Commonly known as MUGAs (Multi-Use Games Areas), enclosures can be designed with specialist mesh systems to allow multiple sports to be played in the same location while providing safety to participants, spectators and buildings. When it comes to play areas in nurseries and junior schools, installing RoSPA approved and BS EN 1176 compliant fencing and gates is recommended. These are available in both timber and steel options and tested for their ability to provide a safe fencing and gate solution - designed to reduce the risk of limb entrapment. Acoustic fencing is also worth considering for these environments, particularly in urban areas or where housing is close to school play areas. It can help reduce incoming ambient noise from neighbouring busy roads, railway lines, or construction sites, and contain the school noise within its boundary. Offering sufficient protection Focus on learning unimpeded by threat The current generation of children deserve an environment where they can focus on learning unimpeded by threat. Schools need robust perimeter solutions that welcome pupils, offer peace of mind to parents, and provide them with sufficient protection against intruders. Ultimately, it's the responsibility of the head teachers to engage in dialogue with knowledgeable security professionals to get the most appropriate and effective security solutions for their school, staff and students.

Protecting retail staff in a new era: live-streaming body cameras
Protecting retail staff in a new era: live-streaming body cameras

This year has been characterised by uncertainty and extraordinary strain, which has fallen heavily on all manner of key workers. Alongside our celebrated healthcare professionals, carers and the emergency services, those working in essential retail have proved themselves to be the backbone of our society during this challenging period. As people try to grasp onto normality and cope with the unexpected changes taking place in every aspect of their lives – including the way they are allowed to shop – it’s no surprise that tensions are now running higher than ever. Retail crime was already on the rise before the pandemic struck, with the British Retail Consortium finding that at least 424 violent or abusive incidents were reported every day last year. The Co-op recently reported its worst week in history in terms of abuse and antisocial behaviour, with 990 incidents of antisocial behaviour and verbal abuse suffered by staff between 20th and 26th July. 990 incidents of antisocial behaviour and verbal abuse suffered by staff between 20th and 26th July To manage the increased risks currently faced by retail employees, businesses must adopt new initiatives to safeguard their staff. Growing numbers of retailers including the Co-op and Asda have equipped their in-store and delivery staff with body worn cameras to enhance safety and provide them with peace of mind, as well as to discourage altercations from taking place at all. Traditional tech Body worn cameras are nothing new and have been used within the law enforcement industry for years. Traditional devices are record-only and can be used to record video evidence able to be drawn upon ‘after the fact’ should it be needed as an objective view of an event and who was involved. These devices can also be used to discourage violent or verbally abusive incidents from occurring in the first place. If a customer is approached by an employee, they are likely to think twice about retaliating if they know their interaction is being recorded. This stance is supported by research from the University of Cambridge that found the use of body worn cameras improves the behaviour of the wearer and those in its vicinity, as both are aware of the fact it can act as an objective ‘digital witness’ to the situation. However, record-only body worn cameras do leave much to be desired. In fact, the same University of Cambridge study found that, in the case of law enforcement, assaults against officers wearing these devices actually increased by 15%. This could be attributed to those being recorded being provoked by the presence of the camera or wanting to destroy any evidence it may hold.  Out with the old, in with the new Live-streaming enabled body worn cameras provide the benefits of record-only devices and more Fortunately, there is a better option. Live-streaming enabled body worn cameras provide the benefits of record-only devices and more. Live-streaming capabilities are able to take ‘after the fact’ evidence one step further and provide the wearer with ‘in the moment’ safety and reassurance. With these devices, if a retail employee is subject to a volatile situation with a customer, they can trigger live video to be streamed back to a central command and control room where security officers will be able to take the most appropriate course of action with heightened and real-time situational awareness. Having access to all of the information they could need instantly will enable security personnel to decide whether to attend the scene and diffuse the situation themselves or to take more drastic action if needed, before any harm has been caused. This capability is especially valuable for lone workers who don’t have access to instant support – such as delivery drivers, in-store or warehouse staff and distribution operators to name a few. The pandemic has also doubled the number of consumers who do their regular grocery shopping online, leading to potential supply and demand issues resulting in unhappy customers.  Live-streaming body worn cameras rely on uninterrupted mobile connectivity to excel, as they are not connected to any physical infrastructure. To minimise the risk of the live video stream buffering or freezing – a real possibility for delivery drivers who can be working anywhere in the country – retailers should look to deploy devices capable of streaming in real-time, with near zero latency footage, even when streaming over poor or constrained networks. To get the most out of their tech, retailers should also look to implement devices that can be multi-use and can be deployed as a body worn camera or a dashcam to record any incidents that may occur whilst driving.    Novel threats   This year brought about a new threat that retailers must protect their staff from While not to the same extent, retail workers have always been subject to a level of potential physical or verbal abuse. However, this year brought about a new threat that retailers must protect their staff from. The COVID-19 pandemic has been the cause of many of the new threats facing employees, but is also a threat in itself. To mitigate this, retailers should look to introduce remote elevated temperature detection cameras in their stores, which analyse body temperature and sound an alarm when somebody’s temperature exceeds a certain threshold – as this could indicate the presence of a potential fever. When deployed on the same cellular network as live-streaming enabled body cameras, these tools can be linked to a central command centre and the alarms viewed remotely from any connected device. This means a network of cameras can be monitored efficiently from a single platform. Ensuring the protection and security of retail workers has come to the fore this year. With the risk of infection in high-footfall locations, such as supermarkets, and the added pressure that comes with monitoring and enforcing safety guidelines, retail staff are having to cope with a plethora of new challenges. Retailers should adopt innovative technologies within their stores and delivery trucks, such as live-streaming enabled body cameras and remote elevated temperature screening solutions, to minimise the threat faced by their employees and provide them with instant support and reassurance should it be required.

Inclusion and diversity in the security industry: ‘One step at a time’
Inclusion and diversity in the security industry: ‘One step at a time’

Historically, concerns about inclusion and diversity have not been widely discussed in the security market. In the last couple of years, however, the Security Industry Association (SIA) and other groups have worked to raise awareness around issues of diversity and inclusion. Specifically, SIA’s Women in Security Forum has focused on the growing role of women in all aspects of security, and SIA’s RISE community has focused on “rising stars” in an industry previously dominated by Baby Boomers. The next generation of security leaders There is a business case to be made for diversity and inclusion, says a report by McKinsey & Company. According to the management consulting company, gender-diverse companies are 24% more likely to outperform less diverse companies, and ethnically diverse companies are 33% more likely to outperform their less diverse counterparts. Furthermore, the “next generation of security leaders” – employees under 30 – are particularly focused on diversity and inclusion. Diversity refers to the traits and characteristics that make people unique A panel discussion at ISC West’s Virtual Event highlighted aspects of inclusion and diversity, starting with a definition of each. Diversity refers to the traits and characteristics that make people unique. On the other hand, inclusion refers to the behaviour and social norms that ensure people feel welcome. “We are all on a journey, and our journey takes different paths,” said Willem Ryan of AlertEnterprise, one of the SIA panelists. “There are opportunities to improve over time. We can all change and increase our ability to have a positive impact.” Industry responsibility The industry has a responsibility to the next generation of industry leaders to address issues of inclusion and diversity. Forbes magazine says that millennials are more engaged at work when they believe their company fosters an inclusive culture. So the question becomes: How do we unify and create opportunities to work with and champion tomorrow’s leaders? SIA is driving change in our industry to achieve that goal. More women are active in SIA than ever before. The SIA Women in Security Forum now has 520 members, said Maureen Carlo of BCD International, the SIA Women in Security Forum Chair and another panelist. Also, more women than ever are chairing SIA committees and serving on the SIA Board of Directors. More women than ever are chairing SIA committees Overcoming unconscious bias Former SIA Chairman Scott Shafer of SMS Advisors, another of the panelists, noted that SIA awarded the Chairman’s Award to the Women in Security Forum in 2019, and to the RISE community steering committee in 2020. “There are lots of ways we are seeing the elevation of women and ethnic groups in the security industry,” said Shafer. One topic of interest is the problem of “unconscious bias,” which can be overcome by looking at something through some else’s lens. Ryan suggested use of the acronym SELF –  Slow Down, Empathise, Learn, and Find commonalities. Ryan recalled the value of being mentored and having someone shepherd him around the industry. “Now I want to give back,” he said. “We need to look at the things we can change in ourselves, in our company, in our communities, and in our industry. Change comes from the bottom and the top.” Increasing representation “It takes all of us to increase representation everywhere,” said Kasia Hanson of Intel Corp., another panelist. “We have in common that we are all human beings. Let’s make sure the next generation all have opportunities.” Diverse companies can attract better talent Moving forward, the panelists urged the industry to get involved and create opportunities because inclusion drives diversity. Diverse companies can attract better talent and attain a competitive advantage. Awareness of unconscious bias, and working to eliminate it, is an important element of change. Despite the progress the security industry is making, change continues to be incremental. As Ruth Bader Ginsburg has said, “Real change, enduring change, happens one step at a time.”