The Cloud Security Alliance (CSA) added a zero-trust cybersecurity certificate to its training curriculum as part of an effort to advance cloud security.

The training for the Certificate of Competence in Zero Trust (CCZT) certificate is based on foundational zero-trust best practices defined by the Cybersecurity Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) along with software-defined perimeter (SDP) research conducted by CSA Research and guidance from experts such as John Kindervag, founder of the zero-trust philosophy.

CSA CEO Jim Reavis said achieving zero-trust security requires IT and cybersecurity professionals to master architectures based on multiple technologies and techniques. As such, it is more a philosophy that needs to be learned rather than a platform that organizations acquire to achieve that goal, he added.

That approach is especially critical as more workloads are deployed in cloud computing environments that are now being increasingly targeted by cybercriminals, noted Reavis.

While zero-trust as a methodology for security IT environments has been well established for decades, the executive order pertaining to cybersecurity issued by the Biden administration in 2021 served to raise awareness among both federal agencies that are required to implement it and enterprise IT organizations that are embracing the same principles.

Zero-trust IT requires organizations to embrace an approach to cybersecurity based on identity that makes it possible to verify not just end users but also what machines and software are being used. Making the transition requires time, expertise and money, all of which are in short supply.

There might not be much consensus in terms of how best to achieve that goal, but at the very least, there’s now a set of buzzwords around which IT professionals and business leaders can have a conversation.

In the meantime, cybersecurity leaders should be engaging IT teams that are more likely to have a greater appreciation for zero-trust architectures.

The biggest issue, of course, will be retrofitting legacy applications that make use of easily compromised, hardcoded usernames and passwords for authentication. Upgrading those applications to support alternative authentication protocols will require multiple years of effort, but given the rate at which usernames and passwords are being compromised, it’s becoming apparent that a different approach is now required. The challenge will be implementing zero-trust policies in a way end users will not view as being overly disruptive. Most organizations are going to need to create cross-functional teams to achieve that goal.

One way or another, however, fundamental changes to authentication processes are now all but inevitable. Cybersecurity and IT professionals who can demonstrate expertise in this area will be in high demand. As always, finding the time to study for a certificate exam is going to be a challenge at a time when most organizations are being constantly attacked. However, the only way to put an end to those attacks is to fundamentally change the IT architectures that are far too easily exploited today. The first step on the journey is naturally going to start with training.