Enterprises are asking “What does Zero Trust mean to me?” and “Where do I start?” Aligning to the business strategy and developing a clear capabilities architecture is the first step in the Zero Trust journey, and it is critical in helping a company identify where it should start (e.g., with data, endpoints, identity and access management, encryption, or applications).
In a recent survey of 20 senior IT and security leaders, 85% of respondents stated that Zero Trust is part of their overall strategy, yet only 44% of them have a reference architecture.
The capabilities architecture provides a three-year roadmap and projects what will need to be completed in year four and beyond. Each company’s Zero Trust journey will be unique. Enterprises are modernizing their IAM capabilities to make identity the new perimeter: the trust boundary is drawn at the identity rather than at the network edge.
Hybrid Pathways recommends starting with IAM, specifically privileged access management (PAM). This means moving to privileged access workstation (PAW) models, vaulting passwords for shared accounts, deploying a PAM solution for the highest-risk administrative tasks, and, most importantly, just-in-time (JIT) privileged access. Under JIT, the privileged entitlement does not exist as standing access: it is granted when the privileged user needs it and revoked as soon as the need ends.
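To make the JIT principle concrete, the following is an added example of a minimal JIT access broker; it is not Hybrid Pathways code or any vendor's PAM product. Eligibility for a role is recorded separately from access: an authorization check consults only live, time-boxed activations, so the entitlement is absent before the request, present during the window, and gone again after expiry or early revocation. The principal and role names, the one-hour cap and the timestamps are constructed for the example.

```python
"""Minimal just-in-time (JIT) privileged access broker (added example, not vendor code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumption for the example: no activation may outlive this cap.
MAX_ACTIVATION = timedelta(hours=1)


@dataclass
class Activation:
    principal: str
    role: str
    justification: str
    starts: datetime
    expires: datetime
    revoked: bool = False

    def live(self, now: datetime) -> bool:
        """An activation counts only inside its window and only if not revoked."""
        return not self.revoked and self.starts <= now < self.expires


@dataclass
class JitBroker:
    """Grants privileged roles only for an approved, time-boxed window."""
    # Roles each principal is *eligible* to activate. Eligibility is not access.
    eligible: dict
    activations: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def request(self, principal, role, justification, now,
                duration=timedelta(minutes=30)):
        """Grant a time-boxed activation, or return None and record the denial."""
        if role not in self.eligible.get(principal, set()):
            self.audit.append(f"DENY {principal} {role}: not eligible")
            return None
        if not justification.strip():
            self.audit.append(f"DENY {principal} {role}: justification required")
            return None
        duration = min(duration, MAX_ACTIVATION)   # clamp, never extend
        act = Activation(principal, role, justification, now, now + duration)
        self.activations.append(act)
        self.audit.append(f"GRANT {principal} {role} until {act.expires.isoformat()}")
        return act

    def revoke(self, act, now):
        """Early revocation when the task finishes before the window closes."""
        act.revoked = True
        self.audit.append(f"REVOKE {act.principal} {act.role} at {now.isoformat()}")

    def is_authorized(self, principal, role, now):
        """No standing access: only a live activation authorizes the role."""
        return any(a.principal == principal and a.role == role and a.live(now)
                   for a in self.activations)


def demo():
    """Walk one principal through the JIT lifecycle; values are constructed."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    broker = JitBroker(eligible={"alice": {"domain-admin"}})
    out = {}
    out["before_request"] = broker.is_authorized("alice", "domain-admin", t0)
    out["not_eligible"] = broker.request("bob", "domain-admin", "CHG-1", t0)
    out["no_justification"] = broker.request("alice", "domain-admin", "  ", t0)
    act = broker.request("alice", "domain-admin", "CHG-1234 patch DC01", t0,
                         duration=timedelta(hours=5))
    out["window"] = act.expires - act.starts          # clamped to MAX_ACTIVATION
    out["during"] = broker.is_authorized("alice", "domain-admin",
                                         t0 + timedelta(minutes=10))
    out["after_expiry"] = broker.is_authorized("alice", "domain-admin",
                                               t0 + timedelta(minutes=61))
    broker.revoke(act, t0 + timedelta(minutes=5))
    out["after_revoke"] = broker.is_authorized("alice", "domain-admin",
                                               t0 + timedelta(minutes=6))
    out["audit_entries"] = len(broker.audit)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The important design choice is that `is_authorized` never looks at `eligible`; a real deployment additionally needs an approver step and a session that is torn down at expiry, but the invariant is the same: standing membership in the privileged group is replaced by a short-lived, audited activation.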
The business architecture of security is equally important when formulating a Zero Trust strategy. Hybrid Pathways recommends reassessing your operating models, which DevOps increasingly drives for infrastructure, and ensuring that you have high-performing capabilities that support both cloud and on-premises environments. This typically highlights a need for a business architecture for security operations. DevOps models are moving towards more agile, productized, squad-based organizational implementations. Organizational change management and communications need to be considered as part of the Zero Trust roadmap.
It is equally important to understand how Zero Trust fits into your network and data center fabrics. In some cases this means you will need a deep understanding of your applications and their interconnectivity to implement Zero Trust seamlessly in the network and data center. For example, micro-segmentation with Cisco ACI or VMware NSX can break applications that have not been modernized, because a default-deny allow-list blocks any dependency the application owners never documented. This is another driver for modernizing applications in the data center and/or public cloud. The reality is that flagship applications are not getting modernized: enterprises are choosing to build new, modern applications because it is too expensive to rewrite legacy flagship applications.
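The practical check before switching a segmentation policy from monitor to enforce is to compare the flows actually observed between workloads against the dependencies the application owners declared; anything observed but not declared is exactly what the allow-list will break. The following is an added example of that comparison, not Hybrid Pathways, Cisco or VMware code. The tier-to-subnet mapping, the declared policy and the flow records are constructed for the example, and the five-field flow layout is an assumption rather than any vendor's export format.

```python
"""Pre-enforcement check for micro-segmentation (added example, not vendor code)."""
from ipaddress import ip_address, ip_network

# Declared application dependencies as (source tier, destination tier, service).
DECLARED_POLICY = {
    ("web", "app", "8443/tcp"),
    ("app", "db", "1433/tcp"),
}

# Workload-to-tier mapping. In a real design this comes from tags or labels.
TIERS = {
    "10.1.1.0/24": "web",
    "10.1.2.0/24": "app",
    "10.1.3.0/24": "db",
    "10.9.0.0/16": "legacy",
}

# Constructed flow log in the assumed layout: src,dst,dport,proto,bytes
OBSERVED_FLOWS = """\
10.1.1.10,10.1.2.20,8443,tcp,1200
10.1.2.20,10.1.3.30,1433,tcp,5400
10.1.2.21,10.9.4.7,445,tcp,300
10.1.1.11,10.1.3.30,1433,tcp,88
10.1.2.20,10.1.3.30,1433,tcp,9100
"""


def tier_of(ip):
    """Map an address to its tier; unmatched addresses are reported, not dropped."""
    addr = ip_address(ip)
    for cidr, tier in TIERS.items():
        if addr in ip_network(cidr):
            return tier
    return "unknown"


def parse_flows(text):
    """Yield (src_tier, dst_tier, service, src, dst, bytes) for each record."""
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, proto, nbytes = line.split(",")
        yield tier_of(src), tier_of(dst), f"{dport}/{proto}", src, dst, int(nbytes)


def undeclared_flows(text, policy=DECLARED_POLICY):
    """Return observed tier-level flows a default-deny policy would block.

    Keyed by (src_tier, dst_tier, service); each entry carries the distinct
    host pairs seen and total bytes, so owners can judge whether the flow is
    a missing dependency or something that should indeed be cut.
    """
    blocked = {}
    for s_tier, d_tier, svc, src, dst, nbytes in parse_flows(text):
        key = (s_tier, d_tier, svc)
        if key in policy:
            continue
        entry = blocked.setdefault(key, {"pairs": set(), "bytes": 0})
        entry["pairs"].add((src, dst))
        entry["bytes"] += nbytes
    return blocked


def ready_to_enforce(text, policy=DECLARED_POLICY):
    """True only when every observed flow is covered by the declared policy."""
    return not undeclared_flows(text, policy)


if __name__ == "__main__":
    for key, info in sorted(undeclared_flows(OBSERVED_FLOWS).items()):
        print(f"UNDECLARED {key}: {len(info['pairs'])} host pair(s), {info['bytes']} bytes")
    print("ready to enforce:", ready_to_enforce(OBSERVED_FLOWS))
```

Run against the sample, the check surfaces an app-tier host reaching a legacy file share on 445/tcp and a web host talking straight to the database, neither of which the owners declared; those are the conversations that enforcement would silently break, and the decision to add them to the policy or to fix the application has to be made before enforce mode, not after.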
The longer-term goal is a network traffic proxy that enforces conditional access policies and ties into secrets management, PKI, and the symmetric encryption that underpins IAM.
Note that no product fully delivers this proxy capability yet; Secure Access Service Edge (SASE) and Zero Trust Network Access (ZTNA) products are still evolving.
Hybrid Pathways helps enterprise companies evolve their Zero Trust strategies and capabilities. How can we help you?