- John Kindervag, Creator of Zero Trust, Field CTO at Palo Alto Networks, Board Advisor at Strong Salt
- Roshan Patel, Information Security Engineer at Sony India Software Centre
- 4 Anonymous Contributors
CISOs pushing for zero trust as their security strategy face several challenges including:
- Understanding and clarifying the benefits of zero trust for the organization.
- The inability to verify all business operations are maintaining security best practices.
- Convincing business units to add more security controls that go against the grain of reducing friction in workflows while still demonstrating these controls support the business.
- Zero trust must benefit the business and security. Because the road to zero trust is an iterative process, IT security will need to constantly determine how different areas of zero trust will affect core business processes.
- Zero trust reduces reliance on perimeter security. Zero trust is a strategy that solves how to move beyond the reliance on perimeter security and move controls to where the user accesses resources.
- Not everyone can achieve zero trust, but everyone can adopt it. Zero trust will be different for every organization and may not be applicable in every control area. This means that zero trust is not a one-size-fits-all approach to IT security. Zero trust is the goal, but some organizations can only get so close to the ideal.
Impact and Result
Zero trust is a journey that uses multiple capabilities and requires multiple parties to contribute to an organization’s security. Use Info-Tech’s approach to:
- Understand zero trust as a strategic platform for building your security roadmap.
- Assess your current state and determine the benefits of adopting zero trust to help plan your roadmap.
- Separate vendors from the hype surrounding zero trust to adopt a vendor-agnostic approach to your zero trust planning.
This guided implementation is a four call advisory process.
Guided Implementation #1 - Understand zero trust
Call #1 - Zero-trust overview.
Call #2 - Determine the appropriate zero-trust school of thought.
Guided Implementation #2 - Assess your zero trust readiness