Starting your journey to zero trust adoption

“Zero trust” is certainly a buzzword that gets freely thrown around in cybersecurity. But what does it actually mean?

Also, why is a zero trust security model and architecture being mandated by the government? What should organizations consider to ensure their success?

Let’s start off by agreeing on what zero trust is and is not. It’s not a product or tool — it’s a methodology and model that requires a shift in our approach to cybersecurity controls. The traditional castle and moat approach was based on an environment where users, applications and data were managed within a defined corporate network.

With cloud, IoT, BYOD and a mobile and remote workforce, many users, applications and data are now outside the traditional organizational boundary. As such, organizations are recognizing the need to shift their cybersecurity approach to a model that implicitly never trusts and always verifies.

Many organizations are only now beginning to look at zero trust and trying to figure out what it means to them. What’s the impact from a security and productivity perspective? How do we go about implementing this approach? What tools do we need? How will we afford this?

Shifting to a zero trust model is not about replacing the infrastructure wholesale. It’s more of an incremental journey of modernizing the IT and security environment. In a zero trust model, organizations can identify high-value assets and data within the network and ultimately protect this information beyond what traditional cybersecurity methods allowed, no matter where users, apps and data reside.

Maybe just as important is for this approach to enable the business by automating processes so that the security controls are essentially transparent to users. For example, single sign-on (SSO) allows a user to log in once to access all their authorized business applications, reducing friction and improving the user experience.