Zero Trust, transitioning from plan to enablement

While Zero Trust is easy to say, it is often difficult to properly implement. Why? Most organizations have a plethora of tools and processes supporting their cyber security plan and they were not purchased or deployed with Zero trust in mind – think about the visual of rebuilding a plane while flying it. The answer: defined strategic milestones + small tactical steps = Zero Trust results.

The key to enabling your Zero Trust (ZT) plan and begin to demonstrate effective ZT security results is to “Keep It Simple.” Here are 5 steps you can use to accelerate your Zero Trust journey:

1. Establish and communicate common ZT terms and goals. The first step to Zero Trust success is for your organization to understand that Zero Trust is a methodology, not a product. Consistent messaging is important to help establish ZT. Because Zero Trust processes may impact end users, it’s important to proactively inform the user community why the organization is adopting a Zero Trust framework and its value to the employee and the organization. Inclusion and communication will improve rates of adoption and effectiveness.
2. Select a ZT framework to use as your roadmap. Regardless of your industry sector, identify and leverage select Federal ZT publications (NIST, DHS CISA, etc.) to use as your guideposts as you plan your ZT program roadmap. Next, identify and deploy specific ZT capabilities or functions by priority. Overall, I suggest the 5-Pillar CISA ZT Framework as it provides not only functions to deliver but also a maturity model to provide visibility into how far along the process you have come.
3. Make multi-factor authentication (MFA) a priority. MFA is one of the best cost-to-security benefit ratios your organization can invest in and all too many entities miss out by waiting or only partially implementing this security capability. Do MFA anywhere and everywhere.
4. Identify your strategic ZT vendors and commit. With 160+ industry Zero Trust vendors it is important to select 2 to 3 to partner with in your ZT journey, gain from their experience and leverage their expertise. Be prepared to utilize their ZT specialists, request demos on ZT features and build your plan with their input. Finally, make sure to include your technology VAR in the equation.
5. Build your select ZT Ops plan now. Focusing on the technology components of Zero Trust will only get you halfway there. Total success for ZT requires that cyber security operations be included in the overall plan. Also, ask for help early in the process from a managed service provider and security expert to help create your Zero Trust Ops plan and methods to monitor, manage and implement your specific version of Zero Trust.

Don’t wait. The time is now to deploy the next step in your Zero Trust journey, embrace your appropriate portion of a Zero Trust framework and know there is simply no one-size-fits all strategy. Remember to keep it as simple as possible and less is more.

Finally, if you need any help or simply want to discuss your current Zero Trust plans and strategies, please fill out the form below or call Red River, we are happy to help.

Stay Secure.

Robert Allende is the Cyber & Risk Management Security Practice Lead at Red River.