The Need for a Zero Tust Framework
When I created the Zero Trust eXtended (ZTX) Ecosystem Framework at Forrester Research (yes it was me), the market for cybersecurity was pretty much an unfocused mix of technologies; all focused on “stopping breaches.” Well, that wasn’t really working. If anything, the market was really pushing for expense in depth, rather than actual defense in depth and there was no real grand strategic framework for overall cyber planning. So we worked to create a framework that would build off of the tenets of the model John Kindervag had preached about for years.
That framework finally seemed to be the catalyst that the market needed to vector in on as an effective strategic approach to the reality of problems in cybersecurity. Great, we got one right. But—as markets do—the idea and concept were quickly adopted but the implementation has languished for many organizations. But why? If the strategic value is so well understood and there is a volume of material to validate the need for Zero Trust, why were organizations still hesitant to work to deploy that strategy into their infrastructure?
Challenges in Implementing Zero Trust
Well, the question from nearly all of the organizations I talked to was “Where do we start?” As a matter of fact, there are books and entire consulting companies now that focus on answering that question. But that’s actually an easy question to answer. You start with knowing what is already compromised in your enterprise which allows you to find and fix threat activity that is currently in operation. Then you follow that by keeping a constantly updating inventory of assets and establishing a baseline of activity, then if anything changes you remediate those issues. The more you can automate and activate that process, the better you are doing. Yes, there are other things that should also be done as part of the ZT strategy, but triage comes first and this is cyber triage 101. Many folks would call that process gaining visibility, which is correct.
The Forrester Wave: Network Analysis and Visibility
When I saw The Forrester Wave™: Network Analysis and Visibility Q2 2023 come out this year I was very excited. It’s a first-of-its-kind report that finally put the concept of Zero Trust into an independent third-party research methodology that would help companies understand not just the “why” anymore but the “how,” for Zero Trust. Having been a Forrester Analyst I know the process and methodology that goes into those Wave reports and to see an organization like Lumu emerge as a leader indicates a few things to me:
- Technological Merit: Lumu’s technology has met all the merits of a LONG list of requirements and the solution’s efficacy has been recognized by not only the analyst but a list of end users.
- Customer Satisfaction: Lumu’s customers are gaining real wins with the solution specific to the problems that are inherent to the NAV category. In other words, Lumu’s customers are able to directly cite benefits and value gained from using Lumu in their organization’s infrastructure, and those clients are willing to stand on the record and be referenced for those benefits.
- Consistent Delivery: The Lumu team demonstrated over a period of months that they could consistently deliver technical outcomes and business value from their solution during a series of demanding demonstrations and reviews by a third party who had no vested interest in seeing them succeed.
This Wave for NAV and Zero Trust is a watershed moment in the cybersecurity market. Seeing a somewhat “underdog” like Lumu come out swinging and punch well above their weight class is a very good thing. This market needs innovators and vendors that can solve critical problems like visibility, control, and remediation of threats for their customers in real systems. This is a competitive market and there is real value in knowing that some companies are both technically capable and strategically aligned on a market initiative like Zero Trust.
I believe Lumu’s marks in this Wave validate their position as a leader. Zero Trust and the use of the ZTX framework are continuing to make waves in the global cybersecurity market; Lumu is well positioned to aid organizations ride that tsunami and it is my opinion that the Forrester Wave™: Network Analysis and Visibility proves that.