Will Zero Trust become a reality?
It’s been years since the concept of “trust no one, verify everything” became mainstream, but most organizations still struggle to implement it in their own domains.
A recent CyberRisk Alliance survey of IT security professionals found that while 57% of organizations have embraced zero trust online, only 30% have partially or fully adopted it. It was found that only. These numbers do not accurately represent progress. The obstacles cited by respondents—high costs, administrative complexity, and lack of guidance—understand why zero trust efforts are often stalling rather than booming.
However, the application of AI in zero trust could be a turning point. Here’s how:
AI makes zero trust more dynamic and less complex
Zero Trust security operates on continuous verification and authentication. Trust is not extended by default and all access requests must be vetted to ensure that the person or thing attempting access is who they say they are. There’s no such thing as “once you’re in, you’re out.”
This policy of continuous validation lends itself well to the use of AI. AI is expected to help move security from fixed, static operations to dynamic, adaptable operations based on context and continuous monitoring. For example, AI can adjust user privileges based on real-time risk assessments, automate incident response, and develop scripted actions that learn from user activity and threat incidents and adjust over time. You may be able to do so.
Smart application of AI in Zero Trust frameworks could help address long-standing criticisms of Zero Trust initiatives. The idea is that layering additional security controls can inadvertently irritate privileged users trying to get from point A to point B. With moment-by-moment, context-based control along with past trends, AI could be trained to find a middle ground that eliminates obstacles to authorized users while at the same time ZT is enforced. .
AI speeds up threat detection and aids threat intelligence
In 2023, we saw our enemies throw everything against the wall to see what would stick. Unfortunately, many of their tactics worked. From devastating attacks on healthcare networks, to supply chain attacks and large-scale phishing campaigns, to advanced uses of AI-powered social engineering, traditional defenses cannot stop this new generation of threats. The insufficiency set off alarm bells in the industry.
In CyberRisk Alliance’s Zero Trust survey, respondents said they believe they need more help going forward and see opportunities for AI to step in where other tools have failed. Specifically, AI supports Zero Trust efforts by identifying breach attempts faster, uncovering patterns in user behavior and network activity, and thwarting convincing phishing attempts. I’m most excited about.
Importantly, AI combines incredible speed, accuracy, and data depth to provide a rich, contextual understanding of the threats that Zero Trust practices aim to eradicate. In the coming years, the convergence of generative AI tools and his Zero Trust playbook may make this long-sought security philosophy a reality for the first time.