
Zero-trust trends for 2022



Demand for endpoint security visibility and control will grow faster than the market, leading all zero-trust priorities in 2022. Improving Identity and Access Management (IAM) effectiveness, hybrid cloud integrations, and automating patch management will follow.

Cloud-first zero trust platforms have won the enterprise because of the cost savings, speed, and scale they deliver over legacy systems. Look for cybersecurity vendors who offer well-documented, secure APIs and consumption-based and subscription pricing to grow the fastest this year. Eighty-three percent of security and risk professionals say zero trust is an essential strategy for their organizations, and 80% plan to implement zero trust in 2022.

Zero-trust spending will accelerate in 2022 

Organizations and the CISOs leading them are starting to see that zero trust doesn’t have to be expensive or hard to implement to be effective. That realization, combined with President Biden’s executive order mandating zero trust architectures for all governmental entities, will accelerate adoption across all organizations. Gartner predicts spending on zero trust network access (ZTNA) solutions will grow from $820 million this year to $1.674 billion in 2025, attaining a 26% Compound Annual Growth Rate (CAGR). Worldwide spending on information security and risk management is projected to reach $170 billion this year, increasing to $233 billion by 2025, achieving an 11% CAGR. Security services, infrastructure protection, and IAM will drive $122 billion in spending this year alone.

Insurance, financial services, and manufacturing CISOs told VentureBeat that creating a business case for zero trust made them realize how limited their visibility and control over endpoints are. CISOs and their teams find endpoints overcrowded with software agents, leaving them more vulnerable than before. Absolute’s 2021 Endpoint Risk Report found an average of 12.9 mission-critical applications per enterprise device, 11.7 of which are security controls. The more software clients on an endpoint, the higher the probability of packet, message, and monitoring collisions, leading to a more rapid decay in the fidelity and quality of the security data.


4 trends defining zero trust in 2022 

Many organizations are falling behind in tracking every machine, human, and endpoint identity. It gets worse when it comes to patch management across the thousands of devices being used remotely. Cloud-delivered, clientless zero trust platforms are an economical alternative to adding another endpoint agent that relies on legacy trust-based authentication. The goal is to remove trust completely from the tech stack because it’s a major liability. Based on conversations with CISOs from healthcare, information services, financial services, and manufacturing, here are the four trends that define zero trust in 2022:

1. Demand for endpoint security visibility and control is growing faster than the market

CISOs tell VentureBeat that endpoint security budgets were the most defensible parts of their fiscal budgets, and there’s strong interest in self-healing endpoints. The goal is an endpoint capable of identifying an attack, taking steps to stop an intrusion attempt, and then rebuilding itself. The most valuable zero trust endpoint platforms provide real-time asset and patch management data, which provides the visibility and control CISOs need. Absolute Software, Akamai, Blackberry, Cisco, Ivanti, Malwarebytes, McAfee, Microsoft 365, Qualys, SentinelOne, Tanium, Trend Micro, Webroot, and many others claim to have endpoints that can autonomously heal themselves.

Absolute, Ivanti, and Microsoft are noteworthy for how innovatively they simultaneously solve endpoint security and asset management. Absolute relies on firmware-embedded persistence as the basis of their self-healing endpoints and endpoint analytics that includes asset management data. The company’s approach to self-healing endpoints is based on a firmware-embedded connection that’s undeletable from every PC-based endpoint. Ivanti Neurons for Unified Endpoint Management (UEM) provides a platform to secure endpoints and provide greater visibility and control using AI-based bots to scan every endpoint. Ivanti customers use the Neurons platform to achieve zero trust to the endpoint level and improve IT service management (ITSM) and IT asset management (ITAM). Finally, Microsoft Defender 365’s approach relies on behavioral-based detection and scans every file or artifact in Outlook 365, correlating threat data from emails, endpoints, identities, and applications while defining any autonomous action needed to protect the endpoint.

The top five trends in endpoint security provide greater insights into how this area of the zero trust security market will accelerate in 2022. Forrester discovered that machine identities grow twice as fast as human identities on organizational networks. Forrester defines machine, or non-human, identities as robotic process automation (bots), robots (industrial, enterprise, medical, military), and IoT devices. The predominant machine identities are for IoT devices. Interested in learning how to secure them from a DevOps perspective, VentureBeat recently interviewed Eystein Måløy Stenberg, cofounder and CTO at Northern.tech, and product manager at Mender.io. Northern.tech specializes in IoT security product development, and Mender is an over-the-air update manager they created for IoT devices.

“Given IoT devices largely operate in uncontrolled and potentially hostile environments, companies cannot assume there is any security perimeter, even physically. Centralized firewalls, VPNs, and identity databases are heavily used to secure cloud and desktop environments, but these centralized technologies are not suitable for the IoT environment,” Eystein said.

“In IoT, the main approach to security is decentralized, and this is why applying the zero-trust framework at the device level is the only possible path forward,” Eystein explained. “Since zero trust is both more important and easier to implement in IoT devices than cloud-based infrastructure, we expect to see a growth in this methodology fueled by the fast growth of the overall IoT market.” IoT architectures and platforms are becoming core to zero trust initiatives, evidenced by AWS’ series of announcements at their re:Invent conference last fall.

2. CISOs will invest more to improve IAM effectiveness in 2022

All organizations were unprepared for the scale and sophistication of cyberattacks the majority experienced last year. That’s a primary factor driving CISOs to evaluate a zero trust-based approach to passwordless authentication for their virtual teams. Privilege abuse is the leading cause of breaches today. Stopping privileged access abuse starts by designing a passwordless authentication system that is so intuitive that users aren’t frustrated using it while providing adaptive authentication on any mobile device. Leaders in the field of passwordless authentication include Ivanti, Microsoft Azure Active Directory (Azure AD), OneLogin Workforce Identity, and Thales SafeNet Trusted Access. Ivanti’s Zero Sign-On (ZSO) approach to combining passwordless authentication and zero trust on its Unified Endpoint Management (UEM) platform uses biometrics, including Apple’s Face ID as the secondary authentication factor for gaining access to personal and shared corporate accounts and systems.

CIOs tell VentureBeat that improving IAM integration in collaboration with CISOs will become a higher priority this year to achieve a more integrated identity concept across their organizations. Forrester, in their report last year on the top trends shaping IAM, advised their clients to take a more granular and dynamic network access approach based on zero trust edge (ZTE) that ties network traffic and activity to well-identified, authenticated, and authorized users (human and machine identities). Leading providers in this area include Ericom Software and their ZTEdge Zero Trust Security platform. What’s noteworthy about the Ericom platform is how it combines microsegmentation, zero trust network access (ZTNA), secure web gateway (SWG) with remote browser isolation (RBI), and ML-enabled identity and access management (IAM), enabling organizations to enforce consistent zero trust access policies across the key device, application, web, and network touchpoints.

3. Zero trust becomes the foundation of more hybrid cloud integrations

Unfortunately, organizations’ track record of getting hybrid cloud security right is mixed. That’s because hybrid cloud configurations themselves are hard. By definition, a hybrid cloud is an IT architecture composed of legacy IT systems integrated with public, private, and community-based cloud platforms and services. Hybrid clouds’ simple definition conflicts with the complexity of making them work securely and at scale. According to Flexera, 92% of enterprises have a multi-cloud strategy, and 82% have a hybrid cloud strategy.

APT-based attacks on the SolarWinds scale happen in part because there’s no least-privileged access policy in place across hybrid cloud configurations. Enforcing least privileged access across every user and administrator account, endpoint, system access account, and cloud administrator account is one of the most valuable zero trust lessons learned and one that enterprises are acting on today. Giving user accounts just enough privileges and resources to get their work done and providing the least privileged access for a specific time is essential. Getting microsegmentation right across their IT infrastructures will eliminate the potential for bad actors to move laterally throughout networks. Logging and monitoring all activity on a network across all cloud platforms is key to securing hybrid cloud integrations with zero trust. Every public cloud platform provider has tools available for doing this. AWS CloudTrail and Amazon CloudWatch, which monitor all API activity, are useful for organizations on those public cloud platforms. Vaulting root accounts and applying Multi-Factor Authentication across all accounts is a given.

4. AI-based patch management is growing as enterprises struggle to update endpoints with least privileged access control

CISOs tell VentureBeat that previous approaches to perimeter-based control have resulted in their organizations having several, often conflicting, endpoint security platforms. Legacy perimeter-based systems often relied on trusted domains and interdomain trust relationships that proved ineffective in stopping breaches years ago. Organizations plan to improve endpoint resiliency and control by re-evaluating every endpoint’s current tech stack and simplifying them with least-privileged access controls more consistent with zero trust strategies. Absolute’s 2021 Endpoint Risk Report found that 11% of endpoint devices have installed two or more IAM apps, and 52% have installed three or more endpoint management tools.

The more IAM and endpoint management tools installed, the greater the potential for software conflicts and endpoints that lack any least privileged access control. IT and security teams need to fully automate patch management instead of relying on an inventory-based approach prone to error. Automating patch management offloads help desk tasks, saves valuable IT and security team time, and reduces vulnerability remediation service-level agreement (SLA) metrics. Using bots to automate patch management by identifying and prioritizing threats and risks is fascinating to track, with CrowdStrike, Ivanti, and Microsoft being the leading vendors in this area. Data-driven patch management is helping defeat ransomware with AI and machine learning techniques today.

The future of zero trust 

CISOs tell VentureBeat that zero trust is now being discussed regularly at the board and C-level as organizations look to replace legacy perimeter-based systems with ones that can provide least-privileged access, microsegmentation, and the core foundations of a zero trust strategy. In addition, organizations are concentrating on endpoint security, improving IAM effectiveness, hybrid cloud security, and automating patch management to improve least privileged access. Look for the cybersecurity vendor landscape to reflect these priorities with more mergers, acquisitions, and private equity investors looking to create competitive platforms.
