Zero trust planning and implementation

Take Your Mark

The Correct Starting Point

One frequently asked question is, "Where should the journey to zero trust start?" Strictly speaking, the answer can be found in the systematic approach outlined above. The risk and gap analyses clearly show the most critical topics. IT teams need to prioritize these issues within the framework of budget availability, but at least one area is always going to be a good choice.

As Figure 1 shows, zero trust starts with identity and authentication. If not yet implemented, MFA is always a good place to get the ball rolling because it is a central element of zero trust. The same applies to developing, expanding, or modernizing IAM, which covers not only authentication but also the management of all types of identities and user accounts, the control of access authorizations, and PBAM for dynamic access authorization.

On the other hand, you should also understand that no single solution will allow you to make zero trust architectures a reality. Even approaches such as ZTNA, where "zero trust" is part of the name, are only partial elements in this kind of solution. A differentiated assessment must be made as to whether and to what extent these elements are necessary.

Other sub-elements such as microsegmentation are important, as well, but by no means always necessary. For organizations that work with flexible working models and access from different locations, but only use cloud services and do not have internal IT, microsegmentation is irrelevant; however, it does play a role if many IT services are still operated internally in data centers.

Conclusions

Ultimately, besides IAM and MFA as the logical technical starting points, the correct entry point for zero trust is solution-oriented work: turning an abstract, complex, and often diffuse strategy into concrete, programmatic planning and then implementing that planning step by step. One thing is clear: Zero trust is not outdated. It is a model that will continue to shape cybersecurity in concrete implementations in the coming years, long after the hype has disappeared.

The Author

Martin Kuppinger is the founder of and Principal Analyst at KuppingerCole Analysts AG.
