A Security Pro's Guide to 7 Top Zero Trust Solutions

Hi there! If you've found your way to this article, you likely already know perimeter-based network security models have failed in the cloud and work-from-anywhere world. As cyberthreats relentlessly rise to staggering new levels, every organization needs to start shifting to a zero trust security architecture.

But what exactly is "zero trust" anyway? And why does it matter today despite all the security technologies you already have in place?

Let me explain…then walk you through the top solutions to consider as you develop a zero trust strategy for your business.

What is Zero Trust and Why It Matters Now

The zero trust model is centered on the principle of "never trust, always verify."

It flips outdated, "castle and moat" security approaches upside down. Instead of trusting everything inside the network and erecting barriers at the perimeter, zero trust dictates that all users and devices must be authenticated and authorized before granting the least privileged access to applications and data.

Without getting overly technical, here are 3 core tenets of zero trust:

  1. Verify explicitly – Use continuous authentication and authorization of users based on contextual factors like roles, locations, and device security posture

  2. Least privilege access – Only grant narrowly tailored access to specific resources based on justified needs

  3. Assume breach – With adversaries already in networks, limit blast radius by segmenting access across microperimeters

This verified access and microsegmentation drastically reduces your risk surface for when (not if) breaches occur.
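
The three tenets above combine into a default-deny check that runs on every request. The sketch below is an added example, not part of the original article and not any vendor's policy engine; the resource names, roles, countries and segments are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_passed: bool
    device_compliant: bool
    country: str
    segment: str      # microsegment the request originates from
    resource: str
    action: str

# Constructed policy table: resource -> who may do what, and from where.
POLICIES = {
    "payroll-db": {
        "grants": {"payroll-admin": {"read", "write"}, "auditor": {"read"}},
        "countries": {"US", "CA"},
        "segments": {"finance"},
    },
    "wiki": {
        "grants": {"employee": {"read"}, "payroll-admin": {"read"}},
        "countries": {"US", "CA", "DE"},
        "segments": {"finance", "corp"},
    },
}

def decide(req: Request) -> tuple[bool, list[str]]:
    """Return (allowed, denial reasons). Nothing is trusted by default."""
    policy = POLICIES.get(req.resource)
    if policy is None:
        return False, ["no policy for resource (default deny)"]
    reasons = []
    # Tenet 1, verify explicitly: identity, device posture and location.
    if not req.mfa_passed:
        reasons.append("mfa not satisfied")
    if not req.device_compliant:
        reasons.append("device posture failed")
    if req.country not in policy["countries"]:
        reasons.append("location not permitted")
    # Tenet 2, least privilege: the role must hold this exact action here.
    if req.action not in policy["grants"].get(req.role, set()):
        reasons.append("role lacks this action on this resource")
    # Tenet 3, assume breach: only the resource's own segments can reach it.
    if req.segment not in policy["segments"]:
        reasons.append("source segment cannot reach resource")
    return (not reasons), reasons
```

Collecting every failed check, rather than stopping at the first, gives the access log enough detail to tell a misconfigured device apart from a request that should never have been attempted.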

And breaches today are happening at an astonishing pace, with cybercrime expected to inflict $10.5 trillion in damages annually by 2025. Over just 3 months in 2022, the average breached US record contained 63 personally identifiable attributes – enabling devastating identity theft and fraud.

Meanwhile, traditional security controls are crumbling as cloud adoption and remote work remove the network perimeter. 77% of businesses today rely on cloud infrastructure while nearly 70% of employees work remotely at least one day per week.

Simply put – zero trust is becoming the new security imperative as perimeter-based models fail. Adoption is accelerating rapidly as turnkey solutions emerge from leading vendors.

Evaluating 7 Leading Zero Trust Vendors

The good news is many tools now exist to help implement zero trust capabilities tailored to your technical environment and business risks.

While this guide can't cover every vendor, let's compare 7 top-rated solutions that both industry analysts and customers praise:

NordLayer

Defining Capabilities

As a Secure Access Service Edge (SASE) solution delivered from the cloud, NordLayer removes implicit trust in your infrastructure using:

  • Secure web gateways as software-defined access points
  • Device and user verification before allowing connections
  • Restricted access proxies to avoid malware spread
  • Activity monitoring for risk awareness

Key Customers

NordLayer protects rapidly growing cloud companies like LeapFinance and Sigue as well as brick-and-mortar institutions such as AU Optronics bank branches.

Notable Innovation

The NordLynx VPN tunneling protocol, derived from WireGuard, provides leading-edge encryption with minimal performance impact.

Perimeter 81

Defining Capabilities

Perimeter 81 simplifies cloud and hybrid secure access service edge (SASE) with two core offerings:

  • Zero Trust Network Access (ZTNA): Software-defined perimeter to control lateral movement between microsegments
  • Zero Trust Application Access: Identity and context-based user authorization per application

Validation

Recently named as a Leader in the 2022 Gartner Magic Quadrant for ZTNA.

Ideal Customer

Mid-market and enterprise organizations running hybrid or multi-cloud environments who want unified visibility and control across their entire network and application infrastructure.

Zscaler Private Access

Defining Capabilities

Delivered as a cloud service, Zscaler Private Access was purpose-built for zero trust using:

  • An inside-out connectivity model to cloak applications from unauthorized access
  • Application-specific microtunnels to isolate access
  • Automated policy engines to simplify management at scale

Customer Success

Reduced breach risks from compromised credentials for companies like Broadcom, while saving thousands in network hardware costs.

Recent Innovation

Advanced analytics and machine learning engines to autogenerate zero trust segmentation policies.

Cloudflare Access

Defining Capabilities

Cloudflare Access replaces VPNs with the security of zero trust, delivered through its vast network spanning 250+ cities globally. It authenticates users instead of devices to enable:

  • Application-specific authorization policies
  • Real-time visibility into access attempts
  • Scale to teams large and small

Ideal Customer

Cloud-first companies with modern infrastructures who prioritize fast and seamless access across distributed teams and applications.

Wandera Private Access

Defining Capabilities

Wandera secures access to internal web apps with zero trust controls purpose-built for today's remote workforce including:

  • Simple 5-click setup
  • Device-level conditional policies
  • Real-time session visibility
  • Automated threat response

Customer Success

Cut breach risks in half in 6 months for a Fortune 500 manufacturer, while saving 40% in costs compared to VPNs.

Validation

Named as a sample vendor in Gartner's Market Guide for Zero Trust Network Access.

Okta

Defining Capabilities

Okta centralizes access control and continuous authentication across cloud apps, services, and APIs with:

  • Standards-based open identity management
  • 7,000+ out-of-the-box app integrations
  • Adaptive UX tailored to user context
  • Auto-provisioning and offboarding

Customer Success

Seamlessly manages 10 million authentications daily across Okta's vast enterprise customer base, including major brands like JetBlue, Nordstrom, and Instacart.

CrowdStrike Falcon

Defining Capabilities

CrowdStrike Falcon Identity Threat Protection detects compromised user credentials and risky access behavior using:

  • AI-powered analytics that "learn" normal behavior
  • Real-time alerting for anomalies
  • Automated policy responses
  • Unified visibility across cloud and legacy tools

Validation

Named as a Leader in 2022 Gartner Magic Quadrant for Identity Threat Detection and Response.

Ideal Customer

Heavily regulated organizations who need to detect credential misuse and insider threats across complex, distributed IT environments.

As you compare these solutions, pay special attention to their authentication methods, security analytics, accessibility, interoperability, and ease of use.

These factors all significantly impact your team's ability to implement sustainable zero trust architecture aligned with your technical roadmap and skill sets.

For example, Okta shines for its seamless app integrations while NordLayer wins on affordability. Cloudflare Access prioritizes blazing-fast user experience and CrowdStrike Falcon leverages superior AI to spot threats.

Plotting Your Path to Zero Trust Adoption

While differences exist across solutions, any zero trust vendor you choose marks progress beyond dated legacy security models.

Here are 5 guidelines to drive your adoption journey:

Start small, then go broad. Resist a revolutionary overhaul. Prioritize 1-2 critical apps for initial zero trust controls, then incrementally expand coverage.

Lead with risk, not technology. Quantify exposure from compromised accounts, insecure devices, and excessive permissions before aligning controls to perceived threats.

Phase capabilities in 4 areas: visibility, access controls, multi-factor authentication, analytics/AI.

Coach users early and often. Reduce change resistance by explaining shifting trust dynamics and new verification steps.

Automate everything you can. Look for tools purpose-built to ease zero trust policy/access management as you scale controls across apps, clouds and partners.

While the path forward takes commitment and coordination, the payoff is immense. Blend the right mix of zero trust solution capabilities to your environment and risk profile. Then execute phased deployments tuned to user adoption capacity.

Once mature, you'll gain unmatched visibility and control to thwart both outside attackers and inside threats. You'll also keep pace with shifting regulatory standards demanding principles now embodied in zero trust frameworks.

Are you ready to embrace zero trust? What questions or use cases would you like me to explore further? Let me know in the comments!

JR
Independent Cybersecurity Advisor
@zero_trust_guru
