Zscaler, Okta, CrowdStrike seek to combat zero trust ‘confusion’

Join today’s leading executives online at the Data Summit on March 9th. Register here.

Three fast-growing cybersecurity vendors are sponsoring a new initiative from the Cloud Security Alliance that aims to provide research and education around the concept of zero trust security.

The Cloud Security Alliance (CSA), a not-for-profit organization, said today that it’s launching the new Zero Trust Advancement Center initiative, with support from Zscaler, Okta and CrowdStrike.

Over the next 18 months, the Zero Trust Advancement Center will publish research whitepapers, offer courses on zero trust strategy and architecture, hold a Zero Trust Summit (slated for the fourth quarter) and launch a webinar series.

The center will also debut a new professional credential, the Certificate of Zero Trust Knowledge, and conduct a new survey. The results of the survey — CISO Perspectives and Progress in Deploying Zero Trust — will be released at the RSA Conference in June.

The center’s activities and research will be offered online, as well as through the organization’s global network, CSA said.

In a news release, Cloud Security Alliance CEO Jim Reavis said that the organization’s “large community” has “made it known that there is a lot of confusion about zero trust.” At present, there is a shortage of “quality education” about zero trust security that is delivered in a “vendor-agnostic setting,” Reavis said.

‘Lost its meaning’

In a recent interview with VentureBeat, Zscaler founder and CEO Jay Chaudhry said that when it comes to zero trust, he is “very disappointed to see that the term has become a buzzword,” which is frequently being misapplied.

“Legacy companies have hijacked the term. It has lost its meaning,” Chaudhry said.

In particular, he’s been unhappy to see some vendors claiming their network security offerings enable zero trust.

“Either you’re zero trust or you’re network security. You don’t do both,” Chaudhry said.

True zero trust involves connecting users directly to applications without going over the network at all, he said. And that type of architecture “is the opposite of network security,” Chaudhry said.

In the news release today, Chaudhry said that “the network security model has to be turned on its head.”

“The old castle-and-moat approach to defending the user, application and data facilitates lateral threat movement once intruders get inside the network,” he said in the release. “The architecture needs to change. That’s where zero trust access comes in. Trust no one.”

Based on identity, device posture and additional attributes, zero trust ensures that “only the right user [gets connected] to the right application and data, not to the network,” Chaudhry said. “That’s where organizations must shift to, and we’re pleased that CSA continues to lead in educating the market on this crucial shift in architecture and approach.”

Revenue for Zscaler’s fiscal second quarter, ended January 31, surged 63% to $255.6 million, from the same period a year ago. The company’s Zero Trust Exchange combines a cloud-based secure web gateway with cloud-delivered zero trust network access (ZTNA).

Zero trust standards

In the news release, Okta cofounder and CEO Todd McKinnon said that a key goal of his company, a leader in identity and access management, is to “relieve customers from the complexity and overhead of legacy solutions” while provide a secure and scalable access experience.

“This is why zero trust is so relevant, and why we’re proud to support CSA’s efforts to shape industry thinking on this topic,” McKinnon said.

Okta reported that revenue in its fiscal fourth quarter, ended January 31, jumped 63% year-over-year to $383 million.

At CrowdStrike, cofounder and CEO George Kurtz pointed to recent research from the company showing that nearly 80% of cyberattacks now use identity-based methods to compromise legitimate credentials — which helps enable attackers to evade detection.

“The time is right for us to accelerate the deployment of zero trust industry standards, and we look forward to working with CSA, Okta and Zscaler on this initiative,” Kurtz said in the news release.

CrowdStrike announces its fourth-quarter results later today. The company’s third quarter, ended October 31, saw revenue climb 63% to $380.1 million, from the same quarter the year before.

Ultimately, Reavis said that the CSA, in partnership with the three vendors, are teaming up to “accelerate the creation of standards-driven zero trust knowledge in our new center.”

Executive members of the CSA are DTCC, Google, Huawei, IBM Security, Microsoft, Netskope, OneTrust, Oracle Cloud, Qualys, Wiz and Zscaler.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More

Source: Read Full Article