The COVID-19 pandemic brought changes no IT team was ready for: employees were sent home, customer interaction models changed, and cloud transformation efforts abruptly accelerated. Cloudflare recently commissioned Forrester Consulting to explore the impact of 2020 disruptions on security strategy and operations among companies of all sizes. To do so, they surveyed 317 global security decision makers from around the world.
Join our guest Forrester VP, Principal Analyst, Chase Cunningham, and Cloudflare Go-To-Market Leader, Brian Parks, for an in-depth discussion of the survey results, followed by practical guidance for next year’s planning.
Why Zero Trust Architecture Will Become the New Normal in 2021
1. Webinar: Why Zero
Trust Architecture Will
Become the New
Normal in 2021
Brian Parks
Head of Go to Market
Cloudflare One
Featuring guest
Dr. Chase
Cunningham
VP - Principal Analyst
Forrester
7. • In response to COVID-19: 47% of
respondents we surveyed say their
organization has transitioned at least 50%
of the workforce to the home, and 48%
anticipate a permanently higher rate of full-
time remote employees.
• And employees increasingly expect it: 53%
of US workers say, "I hope I can work from
home more even after this crisis is over,"
according to our PandemicEX survey.
Global remote working
pre-pandemic
Source: https://www.forrester.com/report/The+State+Of+Remote+Work+2020/-/E-
RES139899
8. US WFH estimates
by persona: pre- vs
post-pandemic
Source:
https://www.forrester.com/report/Intelligent+Automation+Will+Push+Organizations+Flat+Wide+And+Anxious/-/E-
RES157537
For description and examples for each persona, see:
https://www.forrester.com/report/Future+Jobs+Plan+Your+Workforce+For+Automation+Dividends+And+Deficits/-/E-
RES145936?objectid=RES145936
9. We Are Currently
In Phase 3
Source: https://www.forrester.com/report/Returning+To+Work+How+To+Prepare+For+Pandemic+Recovery/-/E-
RES160660?objectid=RES160660
10. Prepare for fundamental changes to business
and technology
• Customer expectations shift on the spectrum of
safety and convenience
• Businesses ride the digital engagement wave to
create hybrid experiences
• Firms and governments invest in the once-
impossible to drive the future of work
• Smart firms retire technical debt fast and then
ride the tech disruption wave
• Business resiliency becomes a competitive
advantage
Five macro shifts in the
new, unstable normal
Source:
https://www.forrester.com/report/The+New+Unstable+Normal+How+COVID19+Will+Change+Business+
And+Technology+Forever/-/E-RES161461?objectid=RES161461
12. Top 5 features that
matter to
consumers in their
product selection
Safe web browsing
Multiple services in the product
Ability to use product across
multiple devices
Identity protection services
Service provider’s reputation
Base: 754 Online adults who have purchased cybersecurity service in past 6 months
13. State of US SMBs
US Small Business Administration Formal Definition:
• Non-Manufacturing – 500 employees or fewer
• Other specific sectors – 1,500 employees or fewer
(e.g., courier services)
• Or annual receipts in ranges
• $1 Million to $41.5 Million
• Uses NAICS industry categorization system
99.9%
• of the business in the US qualify as a small
business (30.7 million businesses)
59.9 million
• US individuals employed by small businesses
(47.7% of US employees)
Source: https://www.sba.gov/document/support--table-size-standards
Source: https://cdn.advocacy.sba.gov/wp-content/uploads/2019/04/23142719/2019-Small-Business-Profiles-US.pdf
14. Security leaders expect Zero Trust adoption
to enable digital business transformation,
improve network visibility, and enhance
employee experience (EX).
15. Lead with Zero Trust as your strategy
• 78% of organizations are moving to embrace Zero Trust.
• 9% of the DoD has adopted ZT as a long-term strategy.
• 13% of the major financial sector is adopting ZT.
• 14% of healthcare is enabling ZT.
• 89% of S&R leaders agree that the perimeter-based model has failed.
• 2020 Wave started with 130 potential vendors in the mix.
Source1:: https://www.microsoft.com/en-us/microsoft-365/business-insights-ideas/resources/should-you-use-zero-trust-for-your-company-network
21. You are on your own
• Since March 2020, attacks on federal
systems are up by 700%.
• IP blocks and domain-related attacks
are up by 200% day by day.
• Phishing is up by 400%.
• Everyone is busy!
Source: https://www.insurancebusinessmag.com/us/news/cyber/fbi-sees-a-400-increase-in-reports-of-
cyberattacks-since-the-start-of-the-pandemic-231939.aspx
25. Turn their strength against them
• Seek out and eliminate default configurations.
• Kill the password.
‒ 88% of all breaches began here.
• Kill the VPN.
‒ 94% of users despise the VPN.
‒ The single largest vulnerability scanned on the internet is remote admin.
• Remove excessive privileges.
• Patch, patch, and patch.
Source: https://www.insurancebusinessmag.com/us/news/cyber/fbi-sees-a-400-increase-in-reports-of-
cyberattacks-since-the-start-of-the-pandemic-231939.aspx
28. Brian Parks
Go to Market Leader, Cloudflare for Teams
Why Zero Trust Architecture Will Be the New Normal in 2021
Find Zero Trust wins with
Cloudflare
29. 2020 changed everything for security teams. What’s next?
Why Zero Trust Architecture Will Be the New Normal in 2021
82%
say they are committed to
embracing Zero Trust
security architecture.
64%
believe their legacy network
security tools are no longer
effective at protecting data.
80%
of security decision makers
said their businesses were
unprepared to manage the
massive acceleration in
cloud transformation that
was forced on them by the
pandemic.
29FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CLOUDFLARE, OCTOBER 2020
30. The 4 Hour ZT Journey
Delivering real Zero Trust
value in hours instead of
days, weeks, or months is
the key to getting started.
Performance AND Security
Cloudflare doesn’t force you
to compromise on the user
experience, ensuring users
won’t try to get around your
security measures.
Zero Trust for everyone
Zero Trust matters for
teams of all sizes, and
Cloudflare is committed to
democratizing access to
Zero Trust security.
Cloudflare’s commitments
30
33. Organizations need a network that is
fast, secure, and reliable
to connect users to the resources they need.
Network security was Perimeter Security.
34. The way we worked changed...but the network did not
Applications moved to the Cloud Users left the building
35. The network must be:
● Everywhere
● Secure
● Fast
● Reliable
● Intelligent
● Software-defined
The Internet is now the corporate network
HOW DO YOU BUILD A PERIMETER AROUND THE INTERNET?
36. Hardware / Software (Buy) Yesterday Services / Cloud (Consume) Tomorrow
Evolution of the technology stack
37. Cloudflare edge network - The network is the computer
Cloudflare city
Approximate area inside
which Cloudflare’s network
is reachable within 100ms
via the Internet
Note: map data as of
Jan 15, 2020 25M+
Internet properties
200+
cities and 100+ countries
72B
cyber threats blocked each day
in Q2’20
99%
of the Internet-connected
population in the developed world is
located within 100 milliseconds of
our network
42 Tbps
of network capacity
39. Zero trust is the shift from a perimeter security model (castle
and moat) to one that always requires authentication of the
user or device before allowing access to applications and data.
“Never trust, always verify.”
Chase Cunningham, Forrester Analyst
*Zero Trust Network Access is also known as Software Defined Perimeter.
39
Zero Trust Security
"Bust The Zero Trust Myths", by Jinan Budge and Chase Cunningham, Forrester Research, Inc., June 22, 2020
40. Bridging the adoption divide
82% of
organizations are
committed to
adopting to Zero
Trust architecture.
Why Zero Trust Architecture Will Be the New Normal in 2021
But only 39%
could identify an
active pilot project
in 2020.
Why?
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CLOUDFLARE, OCTOBER 2020
41. Security teams are spread thin
80% of respondents view lack of
internal IT security staffing and
bandwidth as one of the biggest
security risks today.
Why Zero Trust Architecture Will Be the New Normal in 2021
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CLOUDFLARE, OCTOBER 2020
42. Identity and access management is a common blocker
66% of security leaders surveyed
said they struggled to shift to a
zero trust approach due to the
complexities of user access needs
in their organization.
Why Zero Trust Architecture Will Be the New Normal in 2021
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CLOUDFLARE, OCTOBER 2020
43. Getting started next year: popular pilot projects
1. Ensuring safe and fast developer
access (selected as important by
83% of respondents).
1. Starting or expanding a bring-your-
own-device (BYOD) program
(selected by 81% of respondents).
1. Replacing overburdened VPNs
(selected by 71% of respondents).
Why Zero Trust Architecture Will Be the New Normal in 2021
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CLOUDFLARE, OCTOBER 2020
44. How Cloudflare One can enable quick wins
Why Zero Trust Architecture Will Be the New Normal in 2021
Enable fast and safe
connections to DevOps apps.
Traditional remote access
approaches cause latency and
headaches for developers.
Cloudflare Access makes it
easy and safe for developers to
log in to infrastructure and
staging sites without the need
for a VPN.
Make personal devices safe
for business use.
Employees need flexibility to
connect to work apps from
their personal device.
With Cloudflare Gateway, any
personal device can be made
safe for business use, and
employees have a simple toggle
to “Switch On” work mode on
their personal devices.
Replace VPNs with
Cloudflare’s massive global
network
Surging remote work has put
additional strain on VPNs.
Cloudflare Access offers a
more modern, scalable
approach to securing corporate
apps.
45.
46. Complete control of access to applications
Enforce Zero Trust access for ALL applications on a
per-user basis with easy-to-create and manage rules.
Extend identity based security with more signal
Improve security with context awareness such as device
posture. Enforce more granular policies such as hard key
requirements for your most sensitive applications.
Deliver fast applications to devices anywhere
Users get secure and seamless access to all applications
faster from anywhere thanks to Argo Smart Routing.
Deploys quickly and easy to manage
Leverage existing identity providers and connect applications
to Cloudflare with a secure Argo Tunnel.
Monitor User Access and Change Logs
View and search real-time access logs in the dashboard or
integrate with a third party SIEM.
Zero Trust Access - Access on a One to One relationship
CLOUDFLARE ACCESS
47. Complete visibility from a single pane of glass
Log and monitor all internet traffic, on and off your network for
unprecedented levels of granular visibility that can be viewed in
the dashboard or integrated to your SIEM.
Simplify internet security and compliance
Easily apply DNS and URL filtering rules to protect your users on
the open internet and enforce compliance.
Eliminate threats on our edge not in your environment
Gateways policy engine blocks threats on our network before they
reach yours and you can leverage our proprietary threat intelligence
to inform those policies.
Deploys quickly and easy to manage
Setup can be performed in minutes with easy to configure policies
that do not require security expertise to operate.
Never compromise on performance
End-users get an amazing experience leveraging the world’s fastest
public DNS resolver.
Secure Web Gateway - Internet breakout at the unit of One
CLOUDFLARE GATEWAY
48. Perfected Internet security
Next generation RBI technology isolates the browsing session in a
disposable container on our edge network, ensuring threats never
make their way to corporate devices. Combined with Gateways
policy enforcement security administrators can sleep peacefully.
Security and performance without compromises
Pixel-pushing delivers on the security promise, but is useless as it
renders websites broken, slow, and both bandwidth and compute
intensive. DOM rendering provides a slightly better experience,
but fails on the security side. Cloudflare’s unique approach doesn’t
compromise.
A better user experience than local browsing
Cloudflare Browser actually reduces bandwidth utilization and
provides a faster browsing experience from the same browser
they use today
A global solution delivered from a global network
Thanks to Cloudflare’s edge network performance is always
reliable and fast with remote browsing occurring within 100ms
of 99% of internet users globally
Remote Browser Isolation - Browsing-as-a-Service
CLOUDFLARE BROWSER
49. The 4 Hour ZT Journey
Delivering real Zero Trust
value in hours instead of
days, weeks, or months is
the key to getting started.
Performance AND Security
Cloudflare doesn’t force you
to compromise on the user
experience, ensuring users
won’t try to get around your
security measures.
Zero Trust for everyone
Zero Trust matters for
teams of all sizes, and
Cloudflare is committed to
democratizing access to
Zero Trust security.
Cloudflare One Summary
49
50. Next steps
1.Set up a Cloudflare for Teams account at
dash.cloudflare.com/sign-up/teams. Your first 50 users are
always free.
2.Download the study at cloudflare.com/lp/forrester-
opportunity-snapshot-zero-trust
3.Sign up for the Cloudflare Browser Isolation beta at
cloudflare.com/teams/browser-isolation