The Path to Zero Trust Maturity

Date: November 7, 2021

As the world continues to battle the pandemic, a remote workforce persists. Given the sudden and continued need for remote capabilities, organizations are forced to assess and consider strengthening their security measures to meet an entirely new set of demands from cyber threats. With the new reality of an increased, ever-evolving threat landscape, organizations must truly assess current strengths and weaknesses in terms of cybersecurity to pinpoint areas of improvement. These cyber threats must be addressed through strategies such as Zero Trust (ZT), further bolstered by President Biden’s Executive Order (EO) 14028, which calls for improvements in the nation’s cybersecurity by mandating the adoption of a Zero Trust Architecture (ZTA).

T-Rex’s cybersecurity leaders Jyoti Wadhwa and Dr. Allen Harper co-authored an industry-leading white paper in partnership with the Cloud Security Alliance (CSA) that provides industry stakeholders with guidance on how to develop a ZT strategy including a prioritized investment roadmap that is in alignment with EO 14028. Industry and government alike must develop a ZT strategy and implement a ZTA to meet the mandates from the EO as well as to address a sophisticated threat landscape that includes hybrid and cloud environments.

As organizations seek to adopt a Zero Trust Architecture (ZTA), there are many different paths in industry from which to choose. The aim of Jyoti Wadhwa and Dr. Allen Harper in this white paper is to provide a guided approach to navigating this complex, hybrid environment and developing the best ZT strategy for your organization. Their guidance begins with assessing the current state of ZTA maturity. The Cybersecurity and Infrastructure Security Agency (CISA) provides a Zero Trust Architecture Capability Maturity Model (ZTA-CMM) to do exactly this. The ZTA-CMM comprises five pillars (Identity, Device, Network, Application/Workload, and Data) and three cross-cutting attributes (Visibility and Analytics, Automation and Orchestration, and Governance).

ZT Maturity Level

To better understand your organization’s ZT Maturity level, you must conduct reviews and analysis with key stakeholders that account not only for the technology but also for the people and processes behind the technology. Using CISA’s ZTA-CMM five pillars, your organization can assess its current ZT maturity level. The initial assessment and its results serve as a baseline for developing a comprehensive ZT Roadmap.

ZT Roadmap

Once the current state of your ZT Maturity Level is established, the identification of gaps between it and the desired future state begins. In this step of a ZT strategy, organizational stakeholders are informed by their risk tolerance levels to identify any additional investments needed to meet the organization’s target security posture. The resultant roadmap yields a clarified and detailed plan that prioritizes capital and resource allocations through a phased approach, so that the organization meets its security requirements over a defined timeline.

As the ZT-based solutions are implemented, they should be guided by industry best practices such as the recent NIST SP 800-207 on ZTA, the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), or government Security Technical Implementation Guides (STIGs).

There is no one-size-fits-all approach to implementing ZTA. ZTA must be tailored for each organization based on business needs.

T-Rex’s cyber experts have been working with organizations to enhance their security posture through a tailored ZT strategy for a hybrid or cloud environment. By working with ZT experts, we will help you accelerate your cybersecurity goals and, in many cases, also increase cost savings as part of your cloud path to zero trust maturity.

Want to learn more on how to implement ZTA within your organization? Contact us at cybersecurity@trexsolutionsllc.com

To review the full whitepaper, click here.

