I have often joked that IT, and in particular cybersecurity, is like fashion — not a lot is ever new, just reimagined and, in some cases, improved. As I sit pondering the beauty of my COVID-19 comb-over mullet, I have found myself thinking about how this fashion analogy applies to zero trust.
Given my experiences with zero trust and other similar approaches over the last 20 years, I can’t help but wonder if the time is finally right for zero trust to become the mainstream fashion trend when it comes to cybersecurity architecture best practice. I certainly feel the technology ecosystem seems ready for broader adoption of zero trust; now it’s mostly down to how we execute.
Although we’ve been talking about zero trust for nearly 10 years since Forrester developed this specific approach, I could almost count successful implementations of zero trust on one hand. As with fashion, it always takes a few brave souls to be the trailblazers: to persist and make the proverbial fashion faux pas before we know how to deal with the real challenges of such an approach in order for the rest of us to be successful (or fashionable). It is through this initial trial and tribulation by a few that we start to see broader acceptance and success for the masses.
Splunk and the Zero Trust Approach
A great part of my role at Splunk (did you know we also sell t-shirts?) is speaking to a very broad range of our customers across the globe about fashion… oh, and also their security strategies and initiatives. From many of these conversations, it certainly seems that zero trust has become a common theme, especially in recent months. Some of this has been spurred by the recent dramatic shift to remote work; however, many organizations had been considering or, in some cases, already working on a zero trust approach long before 2020.
Although an extremely popular theme with the customers I speak to, it’s obvious that being “cool” or “hip” when it comes to zero trust is an increasingly complex challenge. In order to keep up with the latest zero trust trendsetters, organizations need to adopt a risk-based approach in order to focus their efforts where they matter the most. It’s important to remember that zero trust is not just about pervasive security controls; monitoring and analytics also play an important role and can help accelerate zero trust outcomes by complementing a control-based approach.
In order to help our customers achieve their zero trust objectives — and be as fashionable as possible — we have worked to develop a variation of the Splunk Security Data Analytics Journey specifically for zero trust. This approach guides organisations through the various stages of how they can leverage a data-driven approach to achieve zero trust outcomes and improve the overall security capabilities of the organization in the process.
Splunk Security Data Analytics Journey
Through various features of Splunk security solutions, including risk-based alerting in Splunk Enterprise Security and MITRE ATT&CK mapping in both Splunk Enterprise Security and Splunk Security Essentials, we facilitate a broad range of zero trust use cases — everything from basic monitoring to advanced behavioural analytics. We also cover how solutions like Splunk SOAR for security orchestration, automation and response can help you coordinate and automate your investigation and response processes in a zero trust world.
By aligning the Splunk approach for zero trust to relevant MITRE ATT&CK tactics, we have been able to provide over 200 use cases that serve to augment a control-based approach with detections that provide coverage where controls cannot. To further support this, Splunk has partnered with a number of leading zero trust technology solution providers — such as DTEX, CloudKnox, Illumio, Okta, and Zscaler — to build an extensive ecosystem approach that helps our customers achieve their zero trust outcomes sooner.
Our ITOps friends can also keep up with the latest zero trust fashion trends, too! We have included how this same approach (and same data) can help support the IT operations and monitoring requirements for zero trust. Think of it sort of like matching tracksuits for IT and security, but way more fashionable. Seriously though, zero trust means nothing if there is zero access to your systems and data. So, end-to-end monitoring of a zero trust architecture to ensure availability is just as critical to your zero trust strategy as the security aspects.
We encourage you to take a look at "The Essential Guide to Zero Trust." Whether you were hip to the zero trust trend before it started being cool, or are arriving fashionably late, this guide will help you realise your dreams of becoming a zero trust fashionista and allow us to move on to the next security trend to keep ahead of the so-called fashion mainstream. I know I am already considering what hairstyle I want next after the mullet… if I take the advice from my trendy 11-year-old, it looks like mohawks are coming back.