Out of every ten data breaches, seven (68%) involved a non-malicious human element, such as a victimized person, as per a 2024 report by Verizon Business. This number highlights that employees believe their corporate networks are protected against fraud and attacks — and it is precisely this false sense of security that the Zero Trust strategy aims to combat.
“To understand the concept, one must first acknowledge the problem it aims to solve: the excessive trust in corporate networks,” explains Luiz Wagner Grilo, responsible for the network & cybersecurity business unit at Unentel, a distributor of technological solutions for companies.
The premise “distrust everything and everyone” aims to ensure that every access, whether internal or external, is authenticated and monitored. According to Gartner estimates, 63% of companies worldwide have already adopted Zero Trust, either partially or fully. For 78% of these organizations, this strategy represents up to 25% of the total budget allocated to cybersecurity.
The concept emerged in 2010 with the proposal to complement the already traditional VPNs (virtual private networks) through a combination of administrative controls. Grilo also emphasizes that, unlike traditional approaches that segment the network into zones with different levels of trust, Zero Trust starts from the principle that no entity, internal or external, is inherently trustworthy.
“Zero Trust, besides being a technological architecture, is an organizational mindset change that redefines the way security controls are implemented. Unlike what many believe, it is not just a cybersecurity solution, but rather a new culture to correct flaws in systems,” analyzes the network & cybersecurity expert.
With the accelerated advancement of Cloud Services adoption, the 2024 Global Cloud Security Report from Check Point revealed a significant jump in the number of corporations concerned about business protection, increasing from 24% in 2023 to 61% in 2024 – a growth of 154%.
However, by adopting Zero Trust, organizations and their IT teams need to understand that this is an ongoing process, not a destination. “The journey towards zero trust evolves as various factors change, such as company needs, the growing use of the network through applications, platforms and new technologies, the evolution of connected devices, user profiles, and emerging threats that require new security solutions implemented by the responsible team,” concludes the executive.
