The Dataprise Blog

Getting Started with Zero Trust: Implementation Considerations

Jul 07, 2022 BY DATAPRISE

Getting Started with Zero Trust: Implementation Considerations

Zero trust got its start in 2010 thanks to the team at Forrester Research. It’s a cybersecurity model that helps companies avoid risky interactions between users, machines, and data — regardless of where the threat comes from. The model ensures that resources are assessed securely, all traffic is inspected and documented, and that all access is controlled. (As you might imagine with zero-trust, it’s a least-privileged strategy.) We’ll look past the hype to the basics of the principle and how you can implement it.

 

Secure Your Footing

The original concept for zero trust security was based on assumptions that workers would be on the premises. There were context-based controls for any users who needed to use internally-hosted applications. Of course, this model is simply untenable for many businesses today. Instead, IT teams need to allow for seamless access for remote workers, which will likely mean a cloud-delivered zero trust solution.

When you opt for the cloud, you eliminate friction. It won’t matter what network someone is on, IT teams will be able to authorize the right employees or third parties. The environment can be simplified, pivoting toward who’s using it and what applications they need. A zero trust solution provides full visibility, so IT teams can stay on top of the people and the devices in question. Of course, securing your footing describes a long-term goal with zero trust architecture. The short-term goals are a little less involved.

 

Implementation Considerations

As with nearly all IT initiatives, you’ll need support from the executives at the top. This is becoming less and less of a battle, though. Nearly 30% of all companies have zero trust policies in place, with 43% planning to implement them soon.

Begin at the basic level

Like most IT projects, you’ll want to define your steps when it comes to implementing zero trust. Too many IT teams are overwhelmed by the sheer scale of zero-trust, which is why it helps to start small. For instance, you might want to replace perimeters that are software-defined to remove bottlenecks for users, or look into identity and access management to improve monitoring of users.

You can also see if behavioral monitoring could be useful in catching anomalies before they turn into something more nefarious. The good news is that you don’t need to start removing your existing technologies left and right. It’s often just a matter of reconfiguring. For instance, extending endpoint detection to all nodes.

Change your approach

Zero trust encourages people to look at security differently. With such a foreboding name, it’s easy to see these policies as a kind of gatekeeper that never gives in. However, true proponents will say that a zero trust network is less about buying the most expensive encryption software, and more about going after the low-hanging fruit (at least at first).

This may mean improving password policies, ensuring you have MFA, implementing checks based on position in a company, or limiting lateral movement. While it’s tempting to try to expand the budget for the latest and greatest on the market, there’s no reason to abandon the security that you’ve already built.

 

What to Know

At its core, there's not a lot of debate out there about the future of security. Pretty much everyone agrees on the most critical components, given what we know about how technology evolves and what criminals do to take advantage of the landscape. Zero trust architecture is designed to meet the needs of companies today who don't want to fall prey to the wrong scam, particularly now that hybrid work is so popular.

Watch the "Getting Started With Zero Trust" webinar.
Information Security
Want the latest IT insights? SUBSCRIBE