The zero trust security paradigm has existed for nearly a decade, but interest has risen in the last few years due to WFA (Work From Anywhere). The concept of implicit trust, or “trust but verify,” is no longer reliable for securing enterprise networks in today’s world of work. The security principle has shifted to “never trust, always verify.”
Corporate user identities and devices are the weakest link in a conventional security framework when they operate outside the corporate security zone. Attackers quickly target end-user devices and abuse compromised credentials to wreak havoc on the corporate network. This weak link is exposed further by cloud adoption, as many services and access rights have been granted to users by trusting their endpoints in a WFA environment.
As data security becomes a business mandate for enterprises, deploying a Zero Trust security framework (ZTX) can streamline the path to compliance.
By 2026, 10% of large companies will have a mature & measurable ZT Program in Place. – Gartner
Growing Interest Toward ZTNA
Enterprises have learned that in the age of digitization, they need to ensure a competitive business edge via cloud adoption amidst a WFA environment. The rapid shift in approach has fostered keen interest among security and risk management leaders toward implementing Zero Trust Network Architecture (ZTNA) policies. Forrester recommends creating a business case for Zero Trust and learning to build alignment around a common imperative, terminology, and tools to mobilize lasting change.
ZTNA is now typically deployed to replace remote-access VPN, but overly complex policies are inhibiting adoption. Adopt a continuous life cycle approach to remote-access management to achieve success. – Gartner
The Long Road Toward ZTNA
Zero trust adoption is a journey, not a wholesale replacement of existing infrastructure and processes. The zero trust journey demands a change in people, processes, and technology. Sufficient time and careful planning are pivotal. Embracing this change affects the way organizations operate while maintaining robust security. In starting the ZT journey, Forrester recommends developing a roadmap that adopts zero trust as the centerpiece of your security initiatives. Garner support from key stakeholders by aligning with existing business or organizational initiatives. The journey should incrementally adopt the zero trust principle across people, processes, and technology.
By 2025, 60% of companies will use ZT solutions instead of VPNs. – Gartner
Doing It the Right Way
The ideal approach is to operate in a hybrid model, with IT modernization and strategy focused increasingly on zero trust while the traditional approach to security is phased out. Depending on security posture and maturity, this journey may take anywhere from a few months to 5 to 6 years, as many organizations’ refresh cycles stretch to a 5-year cycle time.
In some cases, a greenfield implementation is an option for building the zero trust process and architecture from the ground up. This approach is better suited to new-age cloud-based companies.
Here’s what the approach looks like:
- Survey of assets, identities, network, data, and workflows
- Risk assessment of the security posture to understand the security maturity level
- ZTA design and deployment
- Process formulation and incremental deployment of the zero trust architecture
- Monitoring and iteration of the preceding steps
- Continuous monitoring, assessment, and improvement
- Ongoing ZT operations and management
A single solution or OEM product cannot provide a zero trust architecture; it requires multiple products and solutions working together.
Building & Deploying Frameworks
Greenfield implementation offers a better opportunity to build processes and deploy technology solutions from the ground up for zero-trust architecture adoption. Cloud projects and IT modernization, when done not as a mere lift-and-shift of on-premises applications to the cloud but as a holistic modernization journey (a “cloud native” build, or a data center or application transformation involving microservices and micro-segmentation), offer wide scope and flexibility to adopt zero trust as part of the Enterprise Architecture (EA) design.
Contrary to popular notion, according to Forrester, ZTA does not require enterprises to rip out their current security controls and start afresh. Armed with the right approach, security leaders can increase ZT competence and realize security benefits immediately. The ZTA journey must be carefully planned, aligned with business strategy, incorporated into the IT modernization plan, and then executed.
Transforming legacy IT infrastructure to ZTA entails doing a couple of things:
- Run a hybrid environment for a period, with a mix of zero trust components and conventional IT components
- Replace traditional IT components with zero trust components incrementally until all components are replaced
Gartner predicts that through 2026, more than half of cyberattacks will target areas where zero-trust solutions don’t mitigate risks.
Roadblocks in Implementation
The ZTA journey can prove to be a bumpy ride, with these challenges:
Understanding the Bigger Picture
Fundamental and paramount is the need to prepare the organization and make everyone understand what zero trust is. The principle of “zero trust” means granting no implicit trust to any user, device, or connection; it should not be misread as the organization not trusting its employees. Awareness and training sessions are crucial to communicate this distinction.
A Siloed Approach
Many companies approach zero trust as a product replacement with more capability, but the products still operate as disconnected islands. A siloed approach gives way to lapses in security controls. A zero-trust approach entails changes in process, tools, hardware, and architecture that must go hand in hand.
Not a product implementation
Zero trust cannot be implemented as a single product. It’s a framework of interrelated policies. Controls derived from policies are to be applied across users, devices, networks, data, and applications to achieve a zero trust architecture. A lack of proper understanding of zero trust leads to poorly deployed ZTNA.
Dearth of skills
The zero trust journey demands strong technical skills. Finding the right talent with the knowledge and skills to adopt zero trust is a tall order due to the rapid flux in technology, skills, and talent in today’s market. Consider working with a Managed Services Partner (MSP) to procure the right mix of ZT capabilities and to train and certify teams.
Getting Too Restrictive
A poorly designed ZTA tends to become overly restrictive and hinder employee productivity. Introduce ZTA gradually, in phases with proper testing, and then increase the pace of adoption, especially in a legacy network.
Though ZT does not solve all security needs, it lowers risk and limits the impact of attacks. Security leaders need to inventory and reduce their exposure to threats beyond the reach of ZTA. Every enterprise is embarking on a ZT journey, and leaders need to understand the destination: zero trust maturity. According to Forrester, careful planning and a steady course are essential to reach a credible level of maturity.
Why Consider Movate?
Movate adopted zero trust early, even before the WFA trend gained significance in the new normal. The company offers greenfield and hybrid zero trust solutions. Experience in supporting global customers and ZTA deployments positions Movate as an ideal partner to advise on zero trust solutions and products that are cost-effective and least disruptive, with assured business outcomes.
Get help across:
- Adopting ZTA in phases (survey, assess, deploy, monitor & iterate, manage & improve)
- Deploying a greenfield and hybrid solution
- Choosing and integrating best-in-class products, solutions, and architecture
- Leveraging ZTA Managed services
Movate offers customers the option to implement and try before recommending any specific service. Through experiences gleaned from roadmapping and deploying ZTA journeys, Movate is your go-to partner.