“Good security first delivers a business outcome and then, and only then, as a result, increases security,” noted J. Wolfgang Goerlich, advisory CISO at Cisco Secure.
The benefits of adopting zero trust go beyond its drivers. Through zero trust, organizations not only avoid risk (and thus unnecessary costs) but also save capital through operational efficiencies and enable business.
Since implementing zero trust takes two or more years, Goerlich pointed out that organizations may not necessarily have 100% zero trust. “Today, the strongest predictor of whether or not organizations feel that they are achieving zero trust is whether or not they have automation, orchestration in place,” he said.
Aberdeen found that endpoint detection and response (EDR) and extended detection and response (XDR) are becoming mainstream as a result of zero trust thinking.
Goerlich reiterated this and added that organizations increasingly pair extended detection and response (XDR) with zero trust. “If you have a zero trust project in progress, you are 40% more likely to say, ‘I have an XDR/EDR project,’” Goerlich said. “ Because as we harden that layer, criminals are going to move. If you have end-to-end protection, where do they go? They go to the edge.”