2021-04-26T05:49:00Z

Where would you start when implementing a Zero Trust security model for an enterprise?


7 Answers

TS
Real User
2022-08-23T11:25:13Z
Aug 23, 2022

To start implementing a Zero Trust model in an enterprise, you need to first and foremost define the Attack Surface. 


To do this, you want to identify the areas you need to protect. The attack surface is always expanding, making it difficult to define, shrink or defend against. 


Focusing on your most valuable assets – sensitive data, critical applications, physical assets, and corporate services – ensures that you are not overwhelmed with implementing policies and deploying tools across your entire network.


Once defined, you can move your controls as close as possible to that protected surface.

AK
Real User
2022-08-24T19:28:00Z
Aug 24, 2022

Begin Rant


The phrase "Zero Trust" is an oxymoron and means nothing in itself. The appropriate result of zero trust is the calculated absence of a transaction. However, it is a way cooler catchphrase than "Atomic Access Provisioning, Control and Monitoring". As a result, the bandwagon of cyber security has used the phrase to brand their products and services to best represent the path to a security utopia. This has only added to the confusion created by every pundit and blogger who has positioned themselves as authorities on the subject.


End Rant


So what really is meant by Zero Trust? 


To answer this, I lean on the CISA Zero Trust initiative to find the definition. Loosely stated, CISA describes Zero Trust as a collection of concepts and ideas to enforce least-privilege granular access decisions. In other (my) words, Zero Trust is best defined or understood as enforcing a trust boundary around every data element, or in other words, protecting your organization's information assets. Is that not the objective of every self-respecting Security Program?


How you meet these goals has not changed no matter how you label your security program. The essential elements as defined by @Timothy Rohrbaugh with respect, remain the same:


* Reducing the likelihood of an adverse security event.


* Reducing the time to discover the event.


* (I add this to the list) Minimizing the impact of a successful adverse security event.


Some of the imperatives have changed the impact of the way a security program is designed. Some of them are:


* Increasing sophistication and automation of attacks due to highly incentivized and well-funded adversaries


* Increased commoditization and simplification of attack techniques, making it easier for less sophisticated adversaries to launch successful attacks


* Rapidly shrinking time between vulnerability discovery and its weaponization


* Rate at which technology platforms evolve, leaving small time windows for validating secure code, building security controls, patching, etc.


* Diffusion of network edges due to the use of SaaS services, third-party libraries, APIs, authentication, etc. 


* Increasing push for compliance by regulatory bodies and contractual obligations, diluting security resources available


* Cost of security tools, services and personnel


In a nutshell, you are not late to the party; you are already on the path to "zero-trust".


What keeps changing really is that the trust boundary keeps shrinking and you adapt your controls accordingly and change your measurements in line with the threat perception.

AS
Real User
Top 10
2021-10-22T10:30:30Z
Oct 22, 2021

Hi Evgeny, 

You can check out the below blog for more details on the Zero Trust Model: 


https://infraon.io/blog/index....


Thanks,
Abhirup

DG
Vendor
2022-08-24T16:54:20Z
Aug 24, 2022

Zero trust can be part of a complete endpoint protection service.  


At M3COM we can assist with a SASE solution that will provide Zero Trust, WAN optimization, Next Gen antimalware, Intrusion protection and Data Loss Prevention.  

DM
Real User
2022-08-24T06:28:50Z
Aug 24, 2022

Zero Trust is an attitude. Get the team to have it.

OR
User
2022-08-23T13:24:30Z
Aug 23, 2022

How big is the enterprise?

EB
Community Manager
Aug 23, 2022

@Olga Richmond 1000+ employees.

AT
Reseller
Top 10
2021-04-26T07:25:59Z
Apr 26, 2021

What is zero trust?


Assume zero trust when someone or something requests access to work assets. You must first verify their trustworthiness before granting access. Zero Trust is rapidly becoming the security model of choice for many organisations; however, security leaders often struggle with the major shifts in strategy and architecture required to holistically implement Zero Trust.

As Zero Trust security itself is a strategy, so too is its deployment. The best approach to reaching a Zero Trust framework is to start with a single use case, or a vulnerable user group, for validation of the model.


Main Pillars of Zero Trust and where to start


1. Inventory of Devices (HW and SW Asset)


2. Identities (Visibility and Management of Users) – including internal and external workforce, services, customer access and IoT components


3. Privilege Account and Access Management, Least Privileges for std users


4. NAC, Visibility of Devices connected to your network – and enforcing device health and compliance


5. Apps and APIs – ensuring they have appropriate permissions and secure configurations


6. Endpoint Management Solution


7. Data – giving it the necessary attributes and encryption to safeguard it.


8. Networks – establishing controls to segment, monitor, analyse and encrypt end-to-end traffic


EB
Community Manager
Apr 26, 2021

@ABHILASH TH, thank you for this detailed answer.
