With enterprises considering the Internet as a catalyst to grow their market presence and enhance their profits, a robust cybersecurity model has become vital. Cyber-attacks in the recent past have transformed from merely viruses and worms targeting workstations to for-profit malware reaching servers, as well as serious ransomware and DDoS (distributed denial of service) attacks potentially impacting the entire infrastructure of an organisation. Many companies claim to protect enterprises from malicious activities. But Akamai, the company that is moving from just being a content delivery (CDN) provider to security enabler for enterprise customers, believes a "zero trust" model is the need of the hour.
The Cambridge, Massachusetts-headquartered company specifies that simply opting for a firewall or antivirus software isn't enough to protect workplaces that have modern policies, such as allowing employees to work from home or letting them bring their own devices.
"Zero trust really as an approach is a reflection of the current, modern working environment that more and more organisations are embracing now," Nick Hawkins, Senior Director of Product Management — Enterprise, Asia Pacific and Japan, Akamai, tells Gadgets 360 in a telephonic conversation.
Hawkins underlines that since people nowadays use laptops and smartphones to perform their professional tasks and access business applications while on-the-move, traditional ways of protecting businesses from cyber-attacks are no longer effective. Hence, the executive recommends the need of the hour is to follow the principle of "never trust, always verify" that is the essence of the zero trust security model.
"In many organisations, you may see a multi-cloud environment where people are using AWS (Amazon Web Services), Google Cloud, and Cisco solutions for distinct applications. This requires a consistent security approach for all the users whether they're using their personal devices or company devices, inside or outside the company network or even performing their tasks from their homes," he says.
Under the zero trust approach, devices are protected regardless of their physical location. Hawkins explains that the new security offering works by using an identity-based approach to ensure that employees' devices are protected everywhere. The approach is considered as all-pervasive, capable of powering not only large, but also small-scale organisations across various types of industries.
"I think some of the difference that you may see can be varied depending upon the size of the organisation — certainly large organisations need a more robust and active security architecture than their smaller counterparts," Hawkins tells Gadgets 360.
Aside from recommending the zero trust model to enterprise customers, Akamai uses the same concept to protect its own cloud infrastructure. "We're actually in the migration process on our zero trust journey, and we're migrating from our traditional security architecture on to the Akamai Zero Trust platform," reveals Hawkins. "Within the organisation, we're not doing anything truly special."
With the new approach, Akamai is also trying to make a case to convince organisations to switch to the new and emerging security architecture. With that said, traditional firewalls aren't going away anywhere just yet.
"We would certainly be recommending organisations to get a middleware firewall," states Hawkins. "But I think what we can do is we can offload and send model-based functions through a cloud and simplify the future of deployments to enable security at a broader level."
Switching away from traditional models has certainly become important for enterprises as many of them attempt to expand their presence in the Web world to cater to the demands of digital-first audiences. According to a report by Accenture, 90 percent of companies rank their business growth through Internet-enabled initiatives and 76 percent have become largely dependent on the Internet over the last 10 years.
However, Internet-powered growth has also lead to an increase in cyber-attacks. As per a Microsoft-led study released in December, cyber-attacks cost large India companies over $10.3 million (roughly Rs. 72.31 crores) in losses in each year. A recent survey conducted by EY separately found that employees who weren't aware of the best cybersecurity practices were the leading cause for an increased risk of cyber-threat exposure over the past 12 months.
All this highlights the growth potential of the zero trust approach in the market.
Notably, Akamai isn't the only solution provider that has opted for the zero trust model to offer security to its customers. Several other companies have also started adding the new approach to their bouquet. In fact, the term zero trust was coined by Forrester Research Principal Analyst John Kindervag back in 2010.
Hawkins, however, points out that what Akamai is offering today is different from the competition. The company claims that it provides a single sign-on for all corporate applications — no matter whether they are on-premises, Software-as-a-Service (SaaS), or Infrastructure-as-a-Service (IaaS). It also enables enterprises to integrate its model within their existing security information and event management (SIEM) solutions and receive detailed reporting.