zero trust

the Cloud Security Alliance has launched its Zero Trust Advancement Center together with CrowdStrike, Okta, and Zscaler. (source – Shutterstock)

Cloud Security Alliance to educate businesses on Zero Trust best practices

One of the biggest buzzwords in cybersecurity today is zero trust. The strategic approach in cybersecurity that assumes every connection is unsafe unless validated is now becoming the most sought-after security tool by organizations. However, are organizations really sure of what zero trust is and how they can use it?

In fact, the 2022 CrowdStrike Global Threat Report stated that nearly 80% of cyber attacks leverage identity-based attacks to compromise legitimate credentials and use techniques like lateral movement to quickly evade detection. Hence, it makes sense why zero trust is the ideal cybersecurity solution. However, there are also reports indicating that zero trust is still not being properly implemented by most organizations.

This is where the Cloud Security Alliance comes in. As the world’s leading organization dedicated to defining and raising awareness on secure cloud computing environments, CSA harnesses the subject matter expertise of industry practitioners, associations, governments. Today, the CSA is dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment for businesses around the world.

With cyber threats continuing to increase globally and to help businesses better understand what zero trust is all about, the CSA has launched its Zero Trust Advancement Center together with CrowdStrike, Okta, and Zscaler. The new center brings together several existing research and educational projects at CSA that will be disseminated online and through its global network of chapters.

What is Zero Trust all about?

According to Jim Reavis, CEO of Cloud Security Alliance, there is still a lot of confusion on zero trust in the industry. He explained that many IT and security executives report that they do not have access to quality education that explains the concept in a vendor-agnostic setting, frames it as a set of guiding principles, and helps provide context around the myriad of related solutions.

“We are thrilled that industry leaders CrowdStrike, Okta, and Zscaler share our perspective around zero trust as a strategy and are partnering with us to accelerate the creation of standards-driven zero trust knowledge in our new center,” said Reavis.

Among the activities to improve the understanding, the CSA has planned include a webinar series, several research whitepapers, an annual summit to be initiated in Q4 2022, and a new professional credential, the Certificate of Zero Trust Knowledge (CZTK). CSA is also expected to release the results of a new survey, CISO Perspectives, and Progress in Deploying Zero Trust, at the CxO Trust Summit later this year.

For George Kurtz, CEO and co-founder of CrowdStrike, identity has become the new security perimeter in today’s mobile, work-from-anywhere world. He added that CrowdStrike’s Zero Trust solution is built on their best-of-platform architecture to deliver the modern attack defense pillars – endpoint and workloads, identity and data – and address the adversary problem, whether it is in the cloud, on-prem, or in a hybrid environment.

Meanwhile, Todd McKinnon, CEO, and co-founder of Okta, said “Organizations across sectors — from the government to technology to banking — require solutions that mitigate risk, reduce friction, and work within their existing technology environments. Our goal is to relieve customers from the complexity and overhead of legacy solutions while delivering a secure, scalable, and compliance-based access experience that fully supports their business goals and objectives.”

Jay Chaudhry, CEO, chairman, and founder of Zscaler, pointed out that the network security model has to be turned on its head. He believes that the old castle-and-moat approach to defending the user, application, and data facilitates lateral threat movement once intruders get inside the network.

“The architecture needs to change. Trust no one. Based on identity, based on device posture, based on other attributes, then connect only the right user to the right application and data, not to the network. That’s where organizations must shift to, and we’re pleased that CSA continues to lead in educating the market on this crucial shift in architecture and approach,” added Chaudhry.

The center builds upon several existing CSA projects, including the groundbreaking Software-Defined Perimeter research series, Cloud Controls Matrix, Enterprise Architecture, and other related virtualized security models.