A Roadmap to Zero-Trust Maturity

Despite all the marketing hype related to ZTA, at the end of the day, it may not make sense for all organizations, particularly those in less risky environments to implement or pursue all components. That said, all organizations can learn from the tenets and leverage them to improve their security posture. In the preceding series,…

Read More

Data Security for a Zero-Trust Environment

Based on the pillars discussed in the earlier series posts, nothing changes when approaching data security – we start with knowing what is – at a minimum, organizations need to identify and categorize sensitive, regulated, operationally critical data, etc. Data Labeling and the Categorization of Critical Data Types This process will involve mapping all the…

Read More

Zero-Trust Network Security

The Basics There are some straightforward, yet specific, tool-related recommendations organizations can implement at near zero additional cost to maximize investments already made in their environment. Initially, when folks think about network security for organizations, network appliances like firewalls (FW) come up in conversation. Less commonly discussed is how permissive the FW rules are. Too…

Read More

Zero-Trust Access Controls: Trust but Verify

From the onset, access control is the most dynamic pillar in the ZTA implementation process. New accounts need to be created for legitimate business use, accounts likely need varying degrees of access, and account revocation for individual accounts and a mass list is always a concern. Identity and Access Management (IAM) Basics The quest towards…

Read More

Zero-Trust Architecture (ZTA): How to Get Started

Now that we have it defined, how do we practically approach the path to zero-trust architecture (ZTA) and why does it matter? Suppose we start the ZTA discussion by agreeing on a standard definition in its simplest form, i.e., limiting the impact of any unauthorized events by design. Many current industry definitions summarize the key…

Read More