The comprehensive nature of Zero Trust can be a little overwhelming in a world of limited resources, time and budgets. However, as security breaches persist, more organizations are adopting this model.
Zero Trust is a journey involving lengthy cycles of assessing, planning, architecting and designing, piloting, and implementing. Before starting the journey, consider how far you want to take the journey and follow a roadmap to get here. At a high level, the roadmap should cover the following:
Develop a strategy – What are the overall goals of the business? Do you only want to target a specific portion of your network, or the entire enterprise? Will you only be implementing a software-defined perimeter? Mapping business goals to the cyber threats putting those goals at risk will help formulate the Zero Trust strategy to mitigate that risk. This will help you build your case and get executive buy-in, which is needed to see this journey to the end. The length of your journey will be determined by the strategy. Given the broad nature of Zero Trust, many key departments of the business, such as development, finance, legal, and HR should also be involved with and/or consulted in the overall composition of the strategy. Involving the right people early on in the process not only fosters better communication, but also helps to provide for a successful deployment.Define your element of protection – As your strategy is being developed, you need to understand what you are trying to protect. Most likely your defined element or elements of protection is your business data. You need to determine what part of your business assets will be protected. Will it be only sensitive data? Customer data? All data? What are the varying levels of data you need to protect? PCI and ePHI data, for exa ..
Support the originator by clicking the read the rest link below.
