Even though “zero” is in the name, Zero Trust does not mean companies will completely eliminate all cybersecurity threats. The steps within Zero Trust are different for every organization because threats vary among industries and businesses. If every company followed a one-size-fits-all strategy, it would be too broad to provide effective security and too expensive to maintain. Instead of casting a wide net to protect against general threats, conduct research upfront to create pertinent milestones and a tailored Zero Trust strategy.
Stick to the Strategy
Defining the milestones throughout a Zero Trust journey is one of the most challenging steps organizations face. How can IT leaders systematically research applicable threats to their business in order to inform a relevant strategy?
An organization’s ability to determine risk hinges on its analytical assessment of the threats likely to target that company and the hard data from a Security Operations Center (SOC) or MITRE ATT&CK open-source feed. This can inform an organization’s risk tolerance or their ability to withstand a breach against a certain part of their business. Conducting research to determine applicable threats and developing a Zero Trust plan based on this data is the best way to move forward and it’s where IT leaders often find the most success.
Some organizations possess the expertise to conduct this research in-house while many companies choose to consult a vendor that specializes in cybersecurity. Managed service providers such as Ascent Solutions bring the technical experience to help IT teams determine applicable threats and select cybersecurity initiatives that will deliver the most impact quickly.
Regardless of how IT teams choose to develop their Zero Trust strategy, it must be rooted in hard science and data analysis. Once a Zero Trust strategy has been developed, organizations must commit to the strategy in order to make measurable progress, while being open to evolution over time as the business grows.
When architectural decisions for Zero Trust are rooted in science, gaining internal alignment and making measurable progress become more achievable.
Zero Trust Milestones
Developing tangible milestones for an organization is a challenge IT leaders face when pursuing Zero Trust. Milestones or KPIs look different for every organization, but a few foundational steps toward Zero Trust apply to nearly every business.
In our webinar, Accelerating Your Zero Trust Journey, Jason Floyd, Senior Managing Director & CTO at Ascent Solutions, gives examples of milestones that companies in the beginning stages of Zero Trust can set. Relevant starting points include removing legacy authentication from environments, and for organizations using the Microsoft Suite, measuring the number of systems in Microsoft Intune. In addition, working toward modernized information sharing and a cloud-based storage platform is applicable to nearly every business.
The ultimate measure of success is making sure these milestones are connected to a risk discipline, rather than adopting a blanket strategy or a technology solution that promises to enable Zero Trust.
Does the Order of Zero Trust Pillars Matter?
In short, yes, order matters greatly when planning Zero Trust adoption. Upstream decisions affect downstream results, so sequencing logical steps for Zero Trust helps the process go smoothly. Focus on milestones that deliver the most impact first, while deprioritizing outliers that have minimal contribution to overall security posture. Oftentimes, those outlier steps end up resolving themselves as teams make progress on larger initiatives toward enhancing cybersecurity.
Moving forward on Zero Trust in a logical order allows IT decisions to fit into existing work without overburdening your teams. This doesn’t mean putting a label on current security initiatives and calling them Zero Trust, but rather utilizing data to ensure IT teams are pursuing the right technology, processes, and people to run them at the right time for the business.
Establishing a Zero Trust milestone sequence that will best meet business needs is an area in which many of our customers actively seek assistance. Selecting a partner with cybersecurity expertise brings internal teams peace of mind to know their Zero Trust milestones are tailored to their business, and they are in an efficient order to deliver benefits quickly.
Measurable Success Brings Momentum to Zero Trust
No universal strategy for Zero Trust will meet every organization’s unique needs. That’s why doing the research upfront to determine applicable threats and developing KPIs specific to a business are the best ways to create a strong strategy.
Partnering with a managed service provider brings clarity to Zero Trust journeys by using science to define milestones, sequence steps, and measure progress.
Give your Zero Trust strategy more momentum by learning how to overcome common blockers IT teams face in our white paper, “Navigating 6 Real-World Blockers to Accelerate Your Zero Trust Journey.”
