Skip to content

Posts tagged ‘Mobile Security’

What’s New On The Zero Trust Security Landscape In 2019

What’s New On The Zero Trust Security Landscape In 2019

  • Forrester added in Checkpoint, Forescout, Google, illumio, MobileIron, Proofpoint, Symantec, and Unisys in their latest Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers this year.
  • Forrester’s 2019 scorecard increased the weight on network security, automation and orchestration, and portfolio growth rate compared to last year, adding in Zero Trust eXtended (ZTX) ecosystem advocacy to the scorecard for the first time.
  • Microsoft and VMWare are no longer included in the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers this year.

These and many other interesting insights are from what’s new in the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019, written by Chase Cunningham and published on October 29, 2019. Chase is a leading authority on Zero Trust Security, and I was fortunate to have the opportunity to interview him earlier this year. You can read the interview here,10 Questions With Chase Cunningham On Cybersecurity. Forrester included 14 vendors in this assessment: Akamai Technologies, Check Point, Cisco, Cyxtera Technologies, Forcepoint, Forescout, Google, illumio, MobileIron, Okta, Palo Alto Networks, Proofpoint, Symantec, and Unisys. The following is the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 graphic from the free reprint offered by MobileIron here.

Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019

 

Summary of What’s New In Forrester’s Zero Trust Wave This Year

The latest Forrester Wave adds in and places high importance on Zero Trust eXtended (ZTX) ecosystem advocacy, allocating 25% of the weight associated with the Strategy section on the scorecard. Forrester sees Zero Trust as a journey, with vendors who provide the greatest assistance and breadth of benefits on a unified platform being the most valuable. The Wave makes it clear that Zero Trust doesn’t refer to a specific technology but rather the orchestration of several technologies to enable and strengthen their Zero Trust framework. Key insights from what’s new this year in the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 include the following:

  • Platforms are powering the Zero Trust landscape and delivering the greatest value to organizations on their Zero Trust journey. Forrester notes that organizations are getting the greatest benefits from choosing a single vendor who can deliver integrated, real-world capabilities instead of marketing hype.
  • Ease of use and excellent usability need to be the new normal when it comes to Zero Trust Solutions. Forrester sees a widening gap between Zero Trust solutions that take administrator and end-user experience into account and deliver the critical capabilities that make ZTX frameworks successful and those that don’t. It’s common knowledge of how challenging Zero Trust solutions and platforms are to deploy. Raising the issue of improving usability will help expand the total available market for Zero Trust solutions and increase the effectiveness of every platform installed.
  • A much stronger focus on Application Programmer Interfaces (APIs) and integration. This year’s Wave places much greater emphasis on APIs and the need to integrate every application and Web Service across a Zero Trust platform. The greater the integration expertise of any Zero Trust vendor, the faster an organization adopting their systems and platforms will attain secured stability across every threat surface.
  • Forrester advises Zero Trust vendors to concentrate on four key aspects of their strategy if they’re going to deliver overwhelming value to organizations they’re selling to. These four key aspects include actively advocating for Zero Trust as evidenced by driving product strategies that prioritize needed capabilities; supporting micro-segmentation; enforcing policy everywhere by first enabling extensive, proven integrations using well-documented and tested APIs that make it possible to enable policy definition and enforcement across enterprises; and provide identity beyond identity and access management (IAM).
  • Cyxtera Technologies, MobileIron, and Proofpoint are new to the Zero Trust World, each bringing valuable contributions to enterprises on their Zero Trust journey. Of the three, MobileIron is the most noteworthy as their approach to Zero Trust begins with the device and scales across mobile infrastructures. Forrester observes that “MobileIron’s recently released authenticator, which enables passwordless authentication to cloud services, is a must for future-state Zero Trust enterprises and speaks to its innovation in this space.” MobileIron’s product suite also includes a federated policy engine that enables administrators to control and better command the myriad of devices and endpoints that enterprises rely on today. Forrester sees all three vendors as having excellent integration at the platform level, a key determinant of how effective they will be in providing support to enterprises pursuing Zero Trust Security strategies in the future.

Conclusion

The latest Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019, reflects the growing maturity of the Zero Trust eXtended (ZTX) Ecosystem. Adding in Zero Trust eXtended (ZTX) ecosystem advocacy and weighing it at 25% reflects how serious Forrester is about evaluating vendors on solid, real product features over marketing claims. The increased focus on platforms, APIs and integration also reflect the growing maturity of enterprises adopting Zero Trust frameworks today.

83% Of Enterprises Are Complacent About Mobile Security

  • 89% of organizations are relying on just a single security strategy to keep their mobile networks safe.
  • 61% report that their spending on mobile security had increased in 2017 with 10% saying it had increased significantly.
  • Just 39% of mobile device users in enterprises change all default passwords, and only 38% use strong two-factor authentication on their mobile devices.
  • Just 31% of companies are using mobile device or enterprise mobility management (MDM or EMM).

These and many other insights are from the recently published Verizon Mobile Security Index 2018 Report. The report is available here for download (22 pp., PDF, no opt-in). Verizon commissioned an independent research company to complete the survey in the second half of 2017, interviewing over 600 professionals involved in procuring and managing mobile devices for their organizations. Please see page 20 of the study for additional details on the methodology.

The study found that the accelerating pace of cloud, Internet of Things (IoT), and mobile adoption is outpacing enterprises’ ability to scale security management, leaving companies vulnerable. When there’s a trade-off between the expediency needed to accomplish business performance goals and security, the business goals win the majority of the time. 32% of enterprises are sacrificing security for expediency and business performance, leaving many areas of their core infrastructure unsecured. Enterprises who made this trade-off of expediency over security were 2.4x as likely to suffer data loss or downtime.

Key takeaways from the study include the following:

  • 79% of enterprises consider their employees to be the most significant security threat. The study points out that it’s not due to losing devices, inadvertent security errors or circumventing security policies. It’s the threat of employees using their secured access for financial or personal gain. 58% of senior management leaders interviewed view employees with secure access as the most significant threat. Security platforms that can stop credential attacks using risk assessment models predicated on behavioral pattern matching and analysis by verifying an employee’s identity are flourishing today. One of the leaders in this field is Centrify, who espouses Zero Trust Security. The following graphic from the study shows the priority of which actors enterprise leaders are most concerned about regarding threats, with employees being the most often mentioned.

  • 32% of enterprises have sacrificed security for expediency and business performance leading to 45% of them suffering data loss or downtime. The study found that companies who sacrificed security were also 2.4x more likely to have experienced data loss or downtime as a result of a mobile-related security incident. For the 68% who prioritized security over expediency, just 19% had suffered data loss or downtime.

  • 89% of enterprises are relying on just a single security practice to keep their mobile networks safe. Verizon’s study found that the majority of enterprises are relying on just one security practice to protect their networks. 55% have two in place, and just 14% have four. Of the four security practices, only 39% change all default passwords. Just under half (47%), encrypt the transmission of sensitive data across open, public networks. The following graphic from the study illustrates the percentage of enterprises who have between 1 and all four security practices in place.

  • Just 49% of enterprises have a policy regarding the use of public WiFi, and even fewer (47%) encrypt the transmission of sensitive data across open, public networks. A startling high 71% of respondents use public Wi-Fi networks for work tasks, despite their companies prohibiting their use. Taking risks with unsecured Wi-Fi networks for expediency and business performance being done at the expense of security supports a key finding of this study. Nearly one in three (32%) of enterprises are sacrificing security for expediency and business performance, including accessing unsecured Wi-Fi networks. The following infographic from the study explains a few of the many security threats inherent in the design and use of public Wi-Fi networks.

 

%d bloggers like this: