Intelligent CISO Issue 43 | Page 42

Rather than thinking of Zero Trust as an end result , it ’ s best to think of it as a journey .
Zero Trust architecture helps an organisation to reduce the risk exposure created by an increasingly dispersed workforce and network infrastructure .
EXPERT OPINION

Rather than thinking of Zero Trust as an end result , it ’ s best to think of it as a journey .

( 19 %) were concerned that they did not have the resources to see the project through to completion .
Although technological issues are very common , they are usually fairly straightforward to solve with the right strategy . The best approach is to view Zero Trust as a series of smaller projects rather than one huge undertaking . Breaking implementation down into manageable stages will make it easier to allocate budget and resources to start making progress .
Fears and misconceptions
Cultural barriers can be more nebulous and harder to pin down , particularly as people are often naturally wary of new and different things . A third of respondents said that their organisation tended to be resistant to change unless it was directly mandated by compliance regulations .
Outside of the general fear of the unknown , Zero Trust seems to have sparked confusion due to a lack of understanding about what it actually is . To be clear , Zero Trust is a strategy where you assume you ’ ve been breached and operate as though attackers already have access to your environment .
The name seems to be an issue – a third of business leaders are worried that their employees would take implementing Zero Trust architecture as a sign that they were the ones not being trusted . Likewise , a fifth of respondents stated that their board of directors didn ’ t understand what Zero Trust was and would be unlikely to sign off on it .
Productivity was also a major concern , with an assumption that there would be issues around personnel being able to access assets and information or collaborate with others . This is another issue that stems from a lack of real understanding about Zero Trust strategy , which in reality , should have no impact on productivity as long as users are connecting securely .
The human element is harder to plan around , but at a time when we ’ re in desperate need of resilient and proactive approaches to cybersecurity , we need to find ways to overcome the fears and misconceptions about Zero Trust architecture .
The best approach is to concentrate on education and awareness . CISOs and other IT leaders need to spearhead an information campaign within the organisation that clarifies what Zero Trust is and why it is beneficial to the entire business .
Board buy-in is particularly important in order to secure the necessary budget , but awareness efforts also need to encompass the wider workforce to support adoption . All employees should have a clear understanding of what Zero Trust architecture means for them . Security teams need to emphasise the fact that Zero Trust is a user-friendly and unobtrusive approach intended to keep everyone secure and it is not reflective of individuals ’ trustworthiness . Zero Trust is a philosophy that only grants trust to users , devices , or workloads once they ’ ve been verified .
Getting started
Taking an organisation through to full operation-wide Zero Trust implementation is a massive task – one that can easily appear overwhelming when beset with budget limitations , technical issues and cultural resistance .
But rather than thinking of Zero Trust as an end result , it ’ s best to think of it as a journey . Like most long journeys , it can start small , follow many paths and be broken down into manageable sections .

Zero Trust architecture helps an organisation to reduce the risk exposure created by an increasingly dispersed workforce and network infrastructure .

42 www . intelligentciso . com