By Jerry W. Chapman, Engineering Fellow – Identity and Access Management, Optiv & Phillip Solakov, Director Client Solutions, Optiv Canada
You know the ingredients of Zero Trust. Least privilege. Network segmentation. Risk-based access. But combining them into the right kind of environment that offers your organization the most security requires an understanding of the cyber security world and a forward-thinking approach.
As the cyber advisory and solutions leader, Optiv is pioneering the way in Zero Trust (ZT) adoption. Let’s take a look at what Zero Trust (ZT) is, how it can protect your business and where to begin your journey.
What does it mean to take a ZT approach?
In a ZT environment, security teams “assume breach” — and believe it’s critical for all business assets to be protected at the asset level. At its core, ZT is an identity and risk-based, dynamic architecture that provides security throughout your organization.
Taking a ZT approach means focusing on securing critical data and access paths by eliminating trust as much as possible, coupled with verifying and regularly re-verifying every allowed access. Optiv has codified four principles for ZT implementation:
- Establish a micro-perimeter
- Shrink the attack surface at the resource level and utilize appropriate technology to explicitly allow ingress and egress traffic into the micro-perimeter.
- Establish a secure identity-based context to the resource.
- Understand the traffic moving in to and out of a micro-perimeter.
- Create enhanced security.
- Based upon the criticality of the resource, you may need to step up security. Measures include biometrics, certificates and other elements.
- Continuous review of identity and secure connections.
- Continuous review and monitoring of other components is critical. Bring risk analytics into the decision process so access can be revoked based on established criteria.
What level of ZT protection is the best fit?
Once you’re ready to embrace the ZT ethos, there are three levels of implementation maturity to consider to help guide your adoption strategy, milestones and pace:
Fundamental capabilities in an organization are solutions and technologies deployed to provide core capabilities to support a path to ZT.
Integrated capabilities describe the combination of identity and other security solutions sharing rich identity context across the full stack. This enables each element of the program to fully participate in the Zero Trust architecture.
Adaptive capabilities describe advanced technologies that provide automation and visibility into an organization’s Zero Trust architecture. Additionally, advanced risk analytics, artificial intelligence and machine learning provide the capabilities to support “just-in-time” access or even “governance on demand” in real-time evaluation during sessions.
Where do I start?
Great, you’re ready to level up. Now what?
Optiv’s Zero Trust Readiness Assessment leverages ZT principles and a maturity and capability framework applied across key security domains. This allows for the creation of an actionable roadmap you can use to build and mature your ZT capabilities.
Here’s how it works:
- Collaborate with organizational leadership to identify current state capabilities across key security domains.
- Collect and organize the acquired information into Optiv’s readiness assessment framework.
- Leverage the assessment framework to perform a detailed analysis of the acquired information.
- Based on the outcome of this analysis, determine organizational capabilities and ZT readiness across the key domains.
- Based on the current and target states, provide a set of recommendations to enhance an organization’s ZT capabilities.
- Develop a time-based prioritized roadmap to enable an organization’s ZT maturity journey.
If you are interested in learning how Zero Trust, reach out to us at optiv.com and we can help!
Optiv Security: Secure greatness.™
Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to more than 7,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.