FINAL WORD
Matthew Heap , Head of Solution Architecture , APJ for Rackspace Technology owners and admins and application owners . This kind of scope means the CIO / CTO will often be the lead , with the CSO / CISO a critical contributor thanks to their perspective on risk management .
Organizations must also invest time in awareness building and socialisation of the benefits of zero trust , creating detailed FAQs and sharing them via company newsletters and intranets with plenty of links to resources . Trust us : education and communication before rollout can save businesses a lot of help desk pain as their policy and process changes start going live .
help integrate appropriate technologies to provide for authentication , access control , micro segmentation and monitoring .
Prior to enforcement , it is recommended to identify and build company policies and then soft launching policies in logging mode to help refine the picture of what ’ s going on in the environment . This offers the opportunity to test processes before launch , to both mitigate the risk of taking down critical systems and to identify patterns and processes that can be automated .
From there , adopt rolling implementations to subsets of users – in parallel to business ’ existing security systems at first – to iron out processes and build confidence in the user base .
It ’ s worth mentioning that it ’ s likely to be very difficult to get all this right without using agile methodologies within the project to deploy DevOps . The early stages are a lot of work with a lot of changing priorities . So use agile methodologies to hasten and pivot where necessary .
Furthermore , operational overheads can quickly mount , owing to the multiple and on-going changes and updates to infrastructure and policy .
Trust us : education and communication before rollout can save businesses a lot of help desk pain as their policy and process changes start going live .
Start small , start critical – and utilize DevOps
Businesses can get off on the right foot with zero trust by starting small to build a series of incremental but highly visible wins . They may want to start with access control and then move inwards towards more complicated data center implementations .
If IT teams start with a baseline across their environment , they can add to this as they discover and classify workload and data . At the same time , start lining up technology solutions and their configurations . Understand the requirements and select partners to
DevOps can help here as IT teams work toward automating user and device updates , or application and systems access flows . With infrastructure as code , for example , systems can be created that allow users to self-serve by registering a ticket for a new device , which then pushes out an update to the infrastructure . There are also technologies now that can help deploy DevOps to legacy workloads as well as apps built in a legacy manner .
Zero trust is worth the effort
Moving to a zero trust security strategy takes several months of hard work and many hours of on-going monitoring and management . And yet it ’ s a journey we expect the majority of enterprises will undertake .
The shift we have seen to remote work this past year won ’ t reverse fully and for some , it may become the norm . So executive-level anxieties will remain over whether users ’ end-points are protected , the mitigation of insider threats and the risks of lateral movement by intruders should they make it through their perimeter defenses .
It ’ s not magic ; there ’ s no silver bullet in security . Zero trust is a way to move organizations away from perimeterbased security to a secure access service edge ( SASE ) as businesses continue its Digital Transformation . p
84 INTELLIGENTCIO APAC www . intelligentcio . com