Season 3, Episode 4: Forrester Principal Research Analyst on Zero Trust, David Holmes, shares his perspective on the current and future state of Zero Trust.
Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.
Zero Trust is a concept, a strategy, a philosophy, and, for some poor souls, a solution you can buy (it’s not). Through our three seasons, we have heard about MVPs, learned from the godfather of Zero Trust, been aided by Dr Zero Trust, and even heard from current and former federal officials about their stance on the concept. However, we have yet to touch on the current an future state of Zero Trust, and for that, we look to Forrester Principal Research Analyst on Zero Trust, David Holmes.
Prior to joining Forrester, David spent a decade researching, writing, and speaking about cybersecurity topics for network and application security vendors. Before entering the cybersecurity space, he was a C/C++ software developer specializing in authentication and authorization, network protocols, and cryptography. So you could say he knows a thing or two about the subject at hand.
TL;DR
- Holmes explains that Zero Trust's core principles remain unchanged: all networks are untrusted, least privilege access is enforced, and everything is inspected and monitored.
- The COVID-19 pandemic has accelerated the adoption of Zero Trust as organizations were forced to work remotely and faced VPN overloads.
- David shares his perspective on the current and future state of Zero Trust, as well as areas he would like to see the vendor market seek to solve.
- The biggest example of successful Zero Trust implementation is Google. Since implementing Zero Trust, no major breaches have been reported.
- In addition to Google, there is a smaller organization that successfully implemented Zero Trust using existing tools, indicating that Zero Trust can be achieved without significant financial investment.
- However, achieving full Zero Trust is a journey rather than a destination, similar to cybersecurity itself. It's an ongoing process of adaptation and improvement.
