As the world continues to battle the pandemic, a remote workforce persists. Given the sudden and continued need for remote capabilities, organizations are forced to assess and consider strengthening their security measures to meet an entirely new set of demands from cyber threats. With the new reality of an increased, ever-evolving threat landscape, organizations must truly assess current strengths and weaknesses in terms of cybersecurity to pinpoint areas of improvement. These cyber threats must be addressed through strategies such as Zero Trust (ZT), further bolstered by President Biden’s Executive Order (EO) 14028 which calls for improvements in the nation’s cybersecurity by mandating the adoption of a Zero Trust Architecture (ZTA).
T-Rex’s cybersecurity leaders Jyoti Wadhwa and Dr. Allen Harper co-authored an industry-leading white paper in partnership with the Cloud Security Alliance (CSA) that provides industry stakeholders with guidance on how to develop a ZT strategy including a prioritized investment roadmap that is in alignment with EO 14028. Industry and government alike must develop a ZT strategy and implement a ZTA to meet the mandates from the EO as well as to address a sophisticated threat landscape that includes hybrid and cloud environments.
As organizations seek to adopt a Zero Trust Architecture (ZTA), there are many different paths in industry from which to choose. The aim of Jyoti Wadhwa and Dr. Allen Harper in this white paper is to provide a guided approach to how your organization can navigate this complex, hybrid environment to develop the best ZT strategy for your organization. Their guidance begins with assessing the organization's current state of ZTA maturity. The Cybersecurity and Infrastructure Security Agency (CISA) provides a Zero Trust Architecture Capability Maturity Model (ZTA-CMM) to do exactly this. The ZTA-CMM comprises five pillars (Identity, Device, Network, Application/Workload, and Data) and three cross-cutting attributes (Visibility and Analytics, Automation and Orchestration, and Governance).
ZT Maturity Level
To better understand your organization’s ZT Maturity Level, you must conduct reviews and analysis with key stakeholders that account not only for the technology but also for the people and processes behind the technology. Using the five pillars of CISA’s ZTA-CMM, your organization can assess its current ZT maturity level. The initial assessment and its results serve as a baseline for developing a comprehensive ZT Roadmap.
ZT Roadmap
Once the current state of your ZT Maturity Level is established, the identification of gaps between the current state and a desired future state begins. In this step of a ZT strategy, organizational stakeholders are informed by their risk tolerance levels to identify any additional investments needed to meet the organization’s target security posture. The resulting roadmap yields a clear, detailed plan that prioritizes capital and resource allocations through a phased approach, so that the organization meets its security requirements over a defined timeline.
As the ZT-based solutions are implemented, they should be guided by industry best practices such as the recent NIST SP 800-207 on ZTA, the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), or government Security Technical Implementation Guides (STIGs).
There is no one-size-fits-all approach to implementing ZTA. ZTA must be tailored for each organization based on business needs.
T-Rex’s cyber experts have been working with organizations to enhance their security posture through a tailored ZT strategy for a hybrid or cloud environment. Working with our ZT experts will help you accelerate your cybersecurity goals and, in many cases, also increase cost savings as part of your cloud path to zero trust maturity.
Want to learn more on how to implement ZTA within your organization? Contact us at cybersecurity@trexsolutionsllc.com.