By Drew Epperson • 30 Aug, 2022
We define Zero Trust as a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Zero Trust simplifies risk management to a single use case: the removal of all implicit trust for users, applications and infrastructure. It’s a way for government agencies and other organizations to build resilience into their IT networks and environments.

Changing the Mindset

Adopting a Zero Trust Approach Is a Continuous Journey – It is not a one-time implementation. Zero Trust is an operational philosophy requiring a change in mindset – a fundamental shift in how we design, implement and maintain cybersecurity postures.

Building a Comprehensive Zero Trust Plan Is Paramount – Focusing on a specific product or a narrow technology does not equal Zero Trust. Zero Trust must be an end-to-end approach encompassing the entire IT ecosystem of controls – network, endpoints, cloud, applications, Internet of Things devices, identity and more.

Understanding that ZTNA Is Only a Component of Zero Trust – The terms Zero Trust Network Access (ZTNA) and Zero Trust are not interchangeable. ZTNA applies specifically to remote users accessing company applications and services, and is an element of the bigger Zero Trust story.

Getting Started

The good news is that your agency can start implementing the Zero Trust process anywhere. You can use existing tools and capabilities to establish a starting line. For those in early stages, there are some factors to consider to help ensure a successful outcome.

Plan for an Incremental Approach

Like every journey, Zero Trust requires a map or plan of action in order to move forward effectively. Think carefully about your focus areas and prioritize them. Taking on Zero Trust does not mean starting from scratch with your infrastructure. Conduct a rationalization of existing IT investments. Decide what your organization is actually using, what is working, what could be reconfigured or redeployed, and what new investments are truly needed.

Engage Leadership from the Start

Approach the plan holistically, aligning with a board, CIO or both, as well as driving a broader Zero Trust culture across your agency.

Make It Actionable

Achieving Zero Trust requires determining what your organization needs to reduce acute risk and achieve resilience. Adding metrics to your plan will also help keep it actionable and on track. Set goals for securing users, applications and infrastructure across the full spectrum of touch points, such as authenticating identity, verifying device and workload integrity, enforcing least-privilege access and scanning all transactions for legitimacy.

With these fundamentals in place, you can confidently begin your Zero Trust journey. Learn more at https://www.paloaltonetworks.com/blog/2022/07/launch-an-effective-zero-trust-initiative/