Originally published on Solutions Review
Approaching zero trust — with all its supposed silver bullets, best practices, analyst perspectives, and vendor promises — can feel like walking into a hall of mirrors. What’s real? What’s not? Who’s full of it? Who actually knows what they’re talking about? Where are we on our zero-trust journey?
Despite misleading marketing, a lack of transparency into the available technologies, the limited scope of the technologies themselves, mounting privacy concerns, as well as a complete question mark when it comes to price and deployment, trust in zero trust remains. Organizations know they need to embrace it, and preferably yesterday.
But the Wild West days are slowly fading into the twilight. It’s a new day, and IT security professionals are smarter, savvier, and have a new set of expectations when it comes to adopting and implementing zero-trust security strategies.
Unpacking the Chaos
Despite this enhanced savviness and market maturity around zero trust, major barriers to implementation remain.
These include:
- Damn you, marketers. Some vendors may use misleading marketing tactics to promote their zero-trust solutions, overstating their capabilities or making false claims about their performance. See through the noise the best you can. Most tools let you test things out first. Take vendors up on that.
- What the hell does this cost? Implementing zero trust security solutions can be expensive, especially for organizations with large IT infrastructures. Chances are, the more devices, networking gear, locations, and compliance standards you need to adhere to…the more this will cost.
- Complexity is almost always guaranteed. Zero trust can also be complex to deploy, especially across distributed, multi-vendor networks. The best vendors will do what they say on the tin, however. It might require some effort to get there, but anything worth doing is worth doing well.
- User experience is inconsistent. Traditional ZTNA solutions can impact the user experience, causing frustration and slowdowns due to increased security controls. You obviously want to avoid that to the best of your ability. Adding in any additional layer of security will result in change for the end-user…and change is hard. They’ll get over it, unless it’s too drastic of a change.
- Integrations remain limited. Integrating ZTNA security into existing systems and processes can be challenging and may require significant modifications as time goes on. Look for tools that align with your environment and the tools that definitely aren’t going anywhere.
- Legacy technology is struggling to keep up. Legacy systems may not be compatible with current zero-trust solutions, and may need to be upgraded or replaced, which can be a resource drain. Some soul-searching may be needed. Are you ready? Or are there areas of your tech stack that need to be modernized first? That’ll be up to you.
- Some are resistant to change. Some organizations may resist the changes required for implementing zero trust models, which can include changes to technologies, processes, and employee behavior. But look, there’s a reason why zero trust is catching on. Attacks are getting more sophisticated every day. Your threat landscape is bigger than ever. Sometimes, change (or growth) is necessary.
- There’s a lack of standardization. There’s a lack of standardization when it comes to zero trust – from overall cost, to how to deploy, and general return on investment. Be sure to ask the vendors you’re in talks with just what they perceive as normal as they help their other customers through this transition and evolution.
Paving the Path Forward
Together, these barriers present a significant challenge to even the most seasoned IT security team. Fortunately, organizations can overcome these problem areas with the right checklist and mindset.
- Start with a risk assessment. Do you know where your organization is most vulnerable to cyber-attack? Chances are it’s at the access level. After all, that’s why you’re even thinking about zero trust. Start by conducting a risk assessment to identify the assets and systems that need protection and the potential threats.
- Define the scope of the project. Don’t let your project grow out of control. It happens, especially with zero-trust implementation. There’s often an eagerness to extend zero trust coverage to everything, everywhere, all at once. Chances are that your team can’t handle that AND keep up with their everyday duties. Define the scope of your zero-trust security implementation, including the systems and processes that will be affected.
- Plan and budget accordingly. Again, scope creep can come out of nowhere in this newfound area of security. Define your budget and stick to it. You can always expand as you mature in future fiscal years. Be sure to consider the costs of software subscriptions, required hardware, and personnel.
- Choose the right solution for your zero-trust needs. This sounds obvious, but the path to zero trust isn’t always so clear. Define your needs, however focused or expansive they may be, and identify the right zero trust security solution that fills the gap for you…AND that plays nice with your existing security stack.
- Train employees in cybersecurity best practices. As a network security engineer, you know IT red flags when you see them. Others don’t. Take the time to train your less technical colleagues on the importance of zero-trust security and the role they play in maintaining security.
- Implement things in phases. Rome wasn’t built in a day, and neither should your zero-trust architecture. Companies should consider a phased implementation approach, starting with critical systems and processes, and gradually expanding the implementation over time.
As the zero-trust model matures and organizations improve their understanding of its intricacies, adoption will become easier. Transparency around deployment, resources, and ultimately cost will improve, making zero trust more accessible to more groups. Widespread implementation will yield fascinating results about the effectiveness of the zero-trust model, something that’s still somewhat unclear due to the model’s tumultuous early history. As always, threat actors will do their best to break down zero trust barriers for fortune, glory, or both. They’ll have a hell of a time trying.