The goal of a secure zero trust journey is to securely connect onsite and remote users and their devices to the organization's applications, servers, desktops and files, in any network or in the cloud. Therefore, CISOs, CIOs and IT managers who are implementing the zero trust security model should address several aspects in their zero trust approach, including identity and access control, zero trust network architecture, and operational aspects.
This blog post will provide six best practices for how CISOs and IT managers can implement a truly secure zero trust journey with their provider. We will cover users, coverage, connectivity, zero trust architecture, ease of deployment, and operations.
Before implementing a zero trust security model, map out the different needs of the various user groups in your network. For example, organizational users have different needs and rights than suppliers and partners; privileged users and admins need access that other users don't; OT and mission-critical assets may be accessed only by a subset of users; and so on. Then, map out all the applications and protocols used in the network.
Before committing to any zero trust solution, make sure it supports secure access for all your user types and for every application and protocol your users rely on, as mapped out in the previous point. Remember, it takes only one open window for the attackers to enter your home.
Use ID-based connectivity to minimize the attack surface and prevent malicious access. Access should be granted to the specific authorized asset, not to the network itself, and the access provided needs to be as narrow as possible.
ID-based connectivity is based on the user ID and device ID, alongside factors that provide context: multi-factor authentication (MFA), supervised access, Privileged Access Management (PAM), and monitoring of the user's activity during the session. As you can see, granting access is anchored on verified user and device identity rather than solely on attributes, and it is a continuous process rather than a one-time gate at login.
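To make the decision logic above concrete, here is an added example (not code from the original post or from any vendor) of a per-asset access evaluator. It combines user ID, device ID, MFA, role, PAM approval and in-session signals, and the same function is re-run during the session so that a new anomaly or a revocation turns an earlier "allow" into a "deny". All users, devices, assets and signals are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample identities and assets for illustration only.
USERS = {"alice": {"mfa": True, "role": "admin"},
         "bob": {"mfa": False, "role": "employee"}}
DEVICES = {"dev-1": {"managed": True, "compliant": True},
           "dev-2": {"managed": False, "compliant": False}}
# Policy is scoped per asset, never per network: each asset names the roles
# allowed to reach it and whether supervised (PAM) access is mandatory.
ASSETS = {"erp": {"roles": {"employee", "admin"}, "pam": False},
          "plc-line-1": {"roles": {"admin"}, "pam": True}}


@dataclass
class Session:
    user: str
    device: str
    asset: str
    pam_approved: bool = False   # set once a PAM workflow approves the request
    revoked: bool = False        # set by an admin or an IdP logout event
    anomalies: int = 0           # count of suspicious actions seen in-session


def evaluate(session: Session) -> tuple[bool, str]:
    """Return (allowed, reason). Called at connect time and on every re-check,
    so the session stays valid only while all conditions keep holding."""
    user = USERS.get(session.user)
    device = DEVICES.get(session.device)
    asset = ASSETS.get(session.asset)
    if user is None or device is None or asset is None:
        return False, "unknown user, device or asset"
    if not user["mfa"]:
        return False, "MFA not satisfied"
    if not (device["managed"] and device["compliant"]):
        return False, "device not trusted"
    if user["role"] not in asset["roles"]:
        return False, "role not authorized for this asset"
    if asset["pam"] and not session.pam_approved:
        return False, "privileged asset requires supervised (PAM) approval"
    if session.revoked or session.anomalies > 0:
        return False, "session revoked or anomalous activity observed"
    return True, "allowed"


if __name__ == "__main__":
    s = Session("alice", "dev-1", "erp")
    print(evaluate(s))            # allowed at connect time
    s.anomalies = 1               # monitoring flags an in-session anomaly
    print(evaluate(s))            # the same session is now denied
```

Note that a grant for "erp" says nothing about "plc-line-1": each asset is evaluated on its own, which is the practical meaning of granting access to the asset rather than the network.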
For a zero trust journey, choose a zero trust solution. Choose a provider that works on a secure architecture, and make sure no sensitive information, and especially no customer data, is kept in the provider's cloud.
Another important aspect of the journey is ease of deployment and scale. This is critical for supporting business needs, growth and expansion. The deployment and user onboarding processes have to be simple and straightforward to support a successful implementation. It is also important to use a technology that is easy to manage and does not require specialized skills, especially in today's tech culture.
It is important to ensure that security and operational needs are handled in a way that does not burden your resources or degrade the user experience. Employees, partners and stakeholders will not be very tolerant of a system that hurts their ROI, productivity and efficiency. In an extreme scenario, the solution will simply not be used, which defeats the whole purpose of security.