Key suppliers of zero trust security products for applications, including application inventory, application data flow/dependency mapping, application monitoring, least privilege access to data, secrets management, and API gateways.

Applications garner a great deal of attention within zero trust (ZT) and cybersecurity strategy as a whole. Applications – especially proprietary applications that help an organization to build competitive advantage – represent critical IP and need to be protected via the ZT framework.

Applications also represent the point at which security is visible to the business as a whole, because all internal users (and in many organizations, external users such as suppliers, customers, and other stakeholders) rely on applications to access and work with needed data. This visibility significantly raises the stakes for the security organization.

Users who find security measures overly restrictive will look for shadow IT workarounds, which increase overall organizational IT costs while decreasing visibility into potential vulnerabilities and threats. Measures that imperil critical business processes – for example, a security control that prevents a single quarter-end deal from being processed – will destroy months’ worth of goodwill generated by frictionless ZT security approaches.

A second complicating factor with applications is that they tend to enter the organization from two distinctly different sources. Every major business uses a mix of commercial off-the-shelf software (COTS) and internally developed software, which in today’s industry, is the product of a DevOps “software supply chain.” Security professionals need to deploy technologies and management practices capable of addressing both sources.

In analyzing applications technologies and capabilities required for zero trust success, Stratascale SMEs highlighted six key categories:

• Application inventory.
• Least privilege access to data.
• Workload monitoring.
• Application data flow mapping and dependency mapping.
• Secrets management.
• API gateways.

The Stratascale team assessed 153 vendors to identify those who provide a starting point for firms looking to enhance infrastructure security as part of a broader ZT strategy. Across the six categories, we identified 45 vendors who were either:

• Suppliers of broadly applicable solutions likely to meet the needs of the Fortune 1000 enterprise customers that Stratascale works with.
• Vendors providing solutions that address specific customer requirements within a category, but which don’t extend across a wide range of potential enterprise use cases.

Stratascale’s cross-functional group of security and networking experts contributing to these reports included:

• Stratascale Director, Zero Trust and Identity Services, Rob Forbes.
• Stratascale Director, Software Supply Chain Cybersecurity, Aaron Smith.
• Senior Technical Advisor, DevOps and Automation, Chris Hudson.
• Field CISO, Joseph Karpenko.
• Vice President, Office of the CISO, Michael Wilcox.
• Cybersecurity Research Analyst, Alex Banghart.
• Director, Ecosystem Engagement – Cybersecurity, Michael O'Neil.

To access one of the Zero Trust Vendors to Watch, Know, Understand: ZT Applications reports, please click on the linked titles:

Please note that no recommendation or warranty is implied by the inclusion of any vendor within these reports.