We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Being able to distinguish a legitimate user from a threat actor is a capability that every security team needs to have. Today, there are simply too many malicious threats to trust-on-first-use, and assume that a user or device connecting to the network has good intentions.
Modern security teams need to have a complete zero-trust strategy built on the assumption that every device or user that connects is malicious until proven otherwise.
The problem is that few organizations have the expertise needed to build a technology ecosystem that can verify and authenticate users each time they access a protected resource.
In fact, research shows that while many organizations have fully implemented or are attempting to implement zero-trust strategy, more than half (59%) don’t have the ability to authenticate users and devices on an ongoing basis.
Making zero-trust accessible
In an attempt to lower the barrier to entry to zero-trust network access, today, Deloitte announced the launch of Zero Trust Access, a new zero-trust access managed security service that security teams can use to secure communications between users, devices and applications.
Zero Trust Access will offer decentralized peer-to-peer (P2P) connectivity between end users and applications, so that sensitive data traffic doesn’t traverse through any third-party managed point-of-presence (POP) devices.
This not only helps to prevent man-in-the-middle attacks, but reduces an organization’s overall exposure to third-party risks. The service also offers continuous authorization, application segmentation and attack-surface management.
Implementing zero trust
In the world of networking, implicit trust is a dangerous thing. Giving the benefit of the doubt to a malicious threat actor can lead to a massive data breach that costs tens of thousands (or even millions) of dollars to rectify.
For organizations attempting to endure the current threat landscape, the continuous enforcement of zero trust is a must-have.
“Legacy approaches for remote access to enterprise resources are typically dependent on routing network traffic through corporate data centers and layering additional controls for threat detection and prevention,” said Deloitte risk and financial advisory’s zero-trust offering leader and principal, Andrew Rafla.
“However, those legacy approaches and technologies often grant implicit trust to the entire enterprise upon successful authentication, which can increase the risk of lateral movement threats and violate the core zero-trust principle of ‘never trust, always verify.’ Our Zero Trust Access solution addresses these challenges and helps secure the ubiquitous nature of the modern enterprise,” Rafla said.
Rafla explained that the new Zero Trust Access service will help Deloitte clients to accelerate adoption of zero trust so they can secure their environments from threat actors while decreasing the burden on in-house IT and security teams.
The zero-trust authentication market
The launch of Deloitte’s new service comes as the zero-trust security market continues to grow, with researchers anticipating the value will increase from $27.4 billion in 2022 to reach $60.7 billion by 2027.
With Deloitte already generating significant revenue of $2.5 billion last year, it has the financial strength to become a key player in the zero-trust authentication market.
However, the organization will be competing against some extremely popular providers, including Palo Alto Networks with Prisma Access, a cloud platform that offers continuous trust verification for users and devices.
Palo Alto Networks recently announced raising $1.4 billion in revenue in their fiscal third quarter of 2022.
Another prominent competitor in the space is CrowdStrike, which recently reported raising total revenue of $1.45 billion during the 2022 fiscal year, and offers a cloud-native zero-trust platform with multidirectory identity stores and behavioral-risk analytics.
Besides being a managed service, the main differentiator between Zero Trust Access and existing solutions is that it can operate as a standalone service or integrate alongside Deloitte’s other product offerings, such as cyber and strategic risk management solutions, to provide more comprehensive security support.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.