Microsoft, IBM, Google, AWS, Cisco and others in the cybersecurity industry have been banging the ‘zero trust’ drum for the past few years. The case for zero trust was made clearer after this year’s software supply chain attacks on US tech firms, which came amid a mass shift to remote work that demonstrated the need to protect information inside and beyond a trusted environment in a world that spans BYOD, home networks, VPNs, cloud services and more.

As Microsoft has argued, part of zero trust is assuming the corporate network has already been breached, either by hackers targeting that network through phishing or malware, or via an employee’s compromised home device connecting to the network.

The message has gotten through to organizations. Microsoft’s survey of 1,200 security decision makers over the past year found that 96% consider Zero Trust to be critical to their organization.

Zero trust will also soon be compulsory for federal agencies, helping standardize the concept in the broader market. US president Joe Biden’s cybersecurity executive order in May mandated agencies move to zero-trust as-a-service architectures and enable two-factor authentication (2FA) within 180 days. The Commerce Department’s NIST followed up last week by calling on 18 of the US’s biggest cybersecurity vendors to demonstrate how they would implement a zero trust architecture.

Microsoft found that 76 percent of organizations are in the process of implementing a Zero Trust architecture — up six percent from last year.

“The shift to hybrid work, accelerated by COVID-19, is also driving the move towards broader adoption of Zero Trust with 81 percent of organizations having already begun the move toward a hybrid workplace,” writes Vasu Jakkal, Microsoft corporate vice president of security, compliance and identity. “Zero Trust will be critical to help maintain security amid the IT complexity that comes with hybrid work.”

The top reasons for adopting Zero Trust included increased security and compliance agility, speed of threat detection and remediation, and simplicity and availability of security analytics, according to Jakkal. It’s all about confirming everything is secure, across identity, endpoints, the network, and other resources using signals and data.

Biden this week highlighted the real-world stakes at play with recent ransomware and supply chain attacks on critical infrastructure, telling the US intelligence community that a major hack would likely be the reason the US enters “a real shooting war with a major power”. The US president yesterday signed a memorandum addressing cybersecurity for critical infrastructure, ordering CISA and NIST to create benchmarks for organizations managing critical infrastructure.