Zero Trust has become the standard information security model to adopt globally. It’s no longer a question of should; it’s a question of how and where to begin. For some time, the topic of Zero Trust was met with disparaging and opposing views proclaiming it to be another buzzword for vendors to market products. Well, it’s not, although, sadly, there was nothing to stop that from happening.

Now that we’re past the point of security vendors attempting to market Zero Trust as a product, we recognize that it’s now the de facto security approach, and its benefits are hard to ignore. Sure, we still see some of the same old issues plague it, such as:

  • “Is Zero Trust a technology?”
  • “Zero Trust is really just an identity conversation.”
  • “Zero Trust only focuses on cloud and remote access.”
  • “Zero Trust is an oxymoron that distracts the workforce.”

When you push past all that distracting noise, you’ll come to realize that the US federal government and other organizations are mandating Zero Trust implementation and publishing Zero Trust guidance to enable secure digital transformation and infrastructure modernization efforts.

Avoiding A Punch-Line Rim Shot

Now that organizations are warming up to Zero Trust, they must begin assessing their enterprise to find out just how much or how little they really know about it. From there, it’s about developing your implementation strategy. Organizations, however, remain stuck when developing implementation plans with clear objectives and a well-defined roadmap. Having a strategy in place that has Zero Trust baked into it is great, but you must figure out what the next steps are, then execute. One common mistake is that some organizations think “I need to implement Zero Trust” is a clear enough objective. That’s not tangible enough. What is needed are clear, outcome-based use cases that capture the action needed, the rationale behind it, and a method for achieving that action. Otherwise, your teams will view your strategy as a joke (cue rim shot).

Finding Rhythm In Your Half-Time Shuffle

The song “Rosanna” is known for its timeless half-time shuffle beat. Playing this song correctly requires practice and an understanding of the elements needed to strike the right rhythm. The same way you break down the song, you must break down your use cases to balance the methods with the rationale. In the report, The Secrets Of Successful Zero Trust Deployments, we highlight the importance of creating use cases that balance these core areas:

  • Employee experience. Start with use cases that are user-facing. Demonstrate value that is visible to the workforce, such as consolidated identity management, reduced authentication overhead, the enablement of remote work, and adoption of bring-your-own-device policies.
  • Technology architecture and delivery. This team is core to aligning business priorities to technology strategy. Focus on securing and simplifying applications, devices, identities, and infrastructure delivery with auditable accounts, third-party access management, and data protection.
  • Analyst experience. Develop use cases that improve security analysts’ ability to detect and respond to threats. Take actions to increase visibility and gain better insight into what the attack surface is for your organization.

Develop use cases that emphasize who benefits from Zero Trust, that allow security and risk professionals to break free from a tech-centric mindset, and that provide a clearer understanding of where to start, identifying areas for collaboration and improving processes along the way.

Looking For An Encore?

There is so much more to it than just what I have highlighted here. Fortunately, there are plenty of resources available to you, including best practices, templates, and strategic reports for advancing your Zero Trust journey. You can also join me at this year’s Security & Risk Summit, where I will be hosting two sessions on Zero Trust:

  1. Zero Trust workshop. This workshop will focus on helping attendees get their Zero Trust implementation to the next level. In this session, we’ll emphasize the importance of assessment but also help make sense of the results to define use cases, align them to objectives, and identify dependencies that can help prioritize activities in an iterative roadmap.
  2. Zero Trust panel. Special guests from the private and public sectors will join me for a conversation focused on the major challenges faced when adopting and implementing a Zero Trust architecture. They will share experiences and advice for overcoming those challenges to reduce the chances of delays or disruption throughout the journey.

So join us! Forrester’s Security & Risk Summit will take place on December 9–11. You will have the option to join us virtually or attend in person in Baltimore, Maryland, by registering here. There will be many keynotes, breakout sessions, workshops, analyst one-on-ones, and more. If you’re unable to join, Forrester clients can also schedule an inquiry or guidance session with me for all things Zero Trust.