Using a zero trust model can help tackle some of the major challenges in cybersecurity today, including the skills gap.

In July 2020, Deloitte surveyed webinar attendees about their organizations’ plans to implement a zero trust model. The poll found that four challenges had disrupted the efforts of many employers. A lack of skilled workers garnered the most attention at 28.3%. Close behind was a lack of needed budget at 28.1%, followed by lack of discernment in how to get started (12.8%) and being unable to choose between technologies/vendors in the market (12.7%).

Luckily, these challenges don’t have to stand in the way of teams adopting a zero trust security model. They can implement steps to address each of the challenges referenced above.

This first installment in a four-part series will tackle the cybersecurity skills gap.

What Is the Cybersecurity Skills Gap?

The skills gap refers to the ongoing lack of trained personnel whom employers can hire to fulfill their security needs. To illustrate the pervasiveness of this phenomenon, a cooperative research project by Enterprise Strategy Group and the Information Systems Security Association found that over half (52%) of respondents believed hands-on experience was more important to their careers in cybersecurity than certifications. Yet, when asked how they felt about their employers’ levels of training for skills, 65% of respondents say their employers should provide at least a bit more training to meet the demands of their jobs.

That’s not a theoretical issue. About the same number (63%) of those who responded say they’ve been in the security industry for less than three years. No wonder 68% of respondents feel they lack a clearly defined career path going forward.

Learn more on zero trust

Using a Zero Trust Framework to Solve the Skills Gap

Employers find themselves with a problem as a result of the skills gap. On the one hand, they realize their network infrastructure suffers from a human flaw: the emotion of trust.

More and more organizations are recognizing trust doesn’t inherently belong in the network. They’re beginning to look to the zero trust security model as a way to remove unneeded trust.

On the other hand, employers are struggling to find talented personnel who can manage trust across their IT systems. They might lack the skilled workforce needed to remove some sources of trust and preserve others. Because of this, they might feel the zero trust model doesn’t fit their needs.

Vendor Solutions as a Way Forward

Luckily, there’s a way forward. Employers don’t have to rely on internal expertise to put zero trust in place. They can instead invest in vendor solutions that rely on AI and machine learning to keep customers secure. With the help of a managed security service provider (MSSP), employers can draw upon the expertise of external experts in shaping the way their systems manage trust.

Cunningham agrees with the promise of these types of offerings. In fact, he feels these solutions could help employers manage trust across their systems better Thereby, this enables them to scale their zero trust models as their needs continue to evolve and change.

” … [L]et’s leverage those concepts but combine it with the technologies that are available to actually do those things and remove trust at the grand scale,” Cunningham says on the Security Intelligence podcast. “And that’s kind of the evolution, those basic tenets still apply, but now we’re actually leveraging vendor solutions to do exactly what, you know, that concept was kind of preaching.”

Of course, organizations would need to be able to find a zero trust solution that is customizable and serves their security needs. They also need to make sure they have the security budget to accommodate that tool. Much of this advice boils down to asking prospective vendors the right types of questions about their solutions. More on that in another installment of this series.

For now, employers who are strapped for skilled personnel need to realize the skills gap hasn’t trapped them. Now is the time for them to begin exploring the vendor landscape for solutions that can help them put zero trust in place.

More from Zero Trust

Zero Trust Data Security: It’s Time To Make the Shift

4 min read - How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes your risk whether you like it or not. Organizations of all sizes are increasingly vulnerable to breaches as their attack surfaces continue to grow and become more difficult — if not impossible — to define. Add geopolitical and economic instability…

4 min read

How Zero Trust Changed the Course of Cybersecurity

4 min read - For decades, the IT industry relied on perimeter security to safeguard critical digital assets. Firewalls and other network-based tools monitored and validated network access. However, the shift towards digital transformation and hybrid cloud infrastructure has made these traditional security methods inadequate. Clearly, the perimeter no longer exists. Then the pandemic turned the gradual digital transition into a sudden scramble. This left many companies struggling to secure vast networks of remote employees accessing systems. Also, we’ve seen an explosion of apps,…

4 min read

SOAR, SIEM, SASE and Zero Trust: How They All Fit Together

4 min read - Cybersecurity in today’s climate is not a linear process. Organizations can’t simply implement a single tool or strategy to be protected from all threats and challenges. Instead, they must implement the right strategies and technologies for the organization’s specific needs and level of accepted risks. However, once the dive into today’s best practices and strategies begins, it’s easy to quickly become overwhelmed with SOAR, SIEM, SASE and Zero Trust —  especially since they almost all start with the letter S.…

4 min read

Contain Breaches and Gain Visibility With Microsegmentation

4 min read - Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…

4 min read