Zero trust requires clear architecture plans before changing core systems

Successful enterprises approach zero trust carefully, with the big picture in mind, before making changes to network access, data management or application engineering.

blueprint 101151831

Zero trust touches everything: identity, applications, networks, data, and devices. The best approach is not to change everything all at once. Instead, start with the big picture.

In our research, we’ve found the most successful organizations dedicated the first phase of their zero-trust initiatives to working out an architecture. They didn’t rush into deploying solutions as though starting with a greenfield.

Everyone else dove in fast, mixing the foundational work on zero trust with one or more of the knock-on efforts: rearchitecting networks, security, and data management; buying tools; forming implementation teams and setting them to work. All those things need to happen, of course, but with zero trust, it pays to do a lot more thinking about how all the pieces will fit together before undertaking the changes needed, either at the architectural level or in the tool set.

When we talk about security success, in this case we mean organizations with a very low ratio of serious cybersecurity incidents. The more successful organizations had, at the most, two serious incidents per 100 cybersecurity incidents (a serious incident is defined as one that has an impact on staff or the business, or requires external reporting). And in most cases, these successful organizations kept their ratios well below this 2% threshold. (Data comes from Nemertes’ recent research on cybersecurity, the Secure Cloud Access and Policy Enforcement Research Study 2021-22)

Zero-trust planning

To continue reading this article register now