Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

The VC View: Identity = Zero Trust for Everything

Identity very much seems to be an acquired taste… Most everyone’s first experience with identity comes down to usernames and passwords. And that’s enough for most users, “just let me get past this screen so I can do what I’m trying to do.”

Identity very much seems to be an acquired taste… Most everyone’s first experience with identity comes down to usernames and passwords. And that’s enough for most users, “just let me get past this screen so I can do what I’m trying to do.”

Historians will remember passwords to be a temporary inconvenience and a cause of struggle and data breaches. They’ll think, “Of course ‘X’ is the best way to validate someone & something is who they say they are. Creating, remembering & tracking passwords! Amazing that our earlier generations had to deal with it.” 

Luckily we have enterprises forcing constant evolution in identity out of business-driven use cases. As organizations get larger and become more complex, balance gets exponentially difficult to achieve: the struggle to make sure users have access to the resources they need and don’t have unnecessary/accidental/insecure access to things they don’t need (i.e. authorization). Automation and innovation in identity is a must-have for all organizations, especially the large enterprise.

[ Also Read: The VC View: Cloud Security and Compliance ]

Authorization has only gotten harder over time because business resources have continued to change and grow: endpoints, files, databases, internal applications, saas applications, service accounts, cloud-hosted applications, shared/public compute. This all leading to identity silos (i.e. entitlements on Salesforce different than Active Directory) and reducing visibility.

In the end, identity is still one of the most effective levers in security. Without identities, everything else (data, endpoints, applications, etc.) are unusable because either everyone will have access to everything or to nothing without identity controls. Identity projects are tough but worth doing.

The most recent trend identity nowadays is in Zero Trust. This concept has been evolving for years now and further accelerated by the pandemic. Zero Trust is building controls around an interesting premise: the idea that every resource will one day be internet-facing.

In 2021, I predict that most folks with identity and zero trust in mind will look at a Zero Trust Network Access (ZTNA) solution first. It’s one of the easier projects to deploy and there is existing work to leverage. The overhead, cost and management required for existing networking controls like VPNs are no longer acceptable at our current massive work-from-home scale. For every company, ZTNA, will likely look a bit different ranging from use cases that are simply more cost-effective VPN to use cases that look a lot like SSO or DLP use cases.

Beyond ZTNA, we’re already seen the concept of Zero Trust extend in other categories even if it hasn’t been explicitly called out. Zero Trust in SaaS Applications. Zero Trust in Privileged Credentials. Zero Trust for developer access. Preparation for Zero Trust (cleaning up excess entitlements.) Eventually I envision we’ll recreate the same defense-in-depth we know and love from the corporate network world in the shared resources (public cloud, multi-tenant applications, etc) world; with identity at the forefront.

RelatedJamf to Acquire Wandera for $400M to Bring Zero Trust to Apple Ecosystem

RelatedWhat’s Behind the Surge in Cybersecurity Unicorns?

Written By

Will is a Managing Director and a founding team member at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor’s degree from the University of California, Berkeley. Focusing on security startups for a decade, he has worked with more than 20 cybersecurity companies to date. In his spare time he’s a foodie with friends, enabling serendipity and building communities.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility