Forrester Report: Practical Zero Trust Implementation

What can your enterprise do to ensure practical Zero Trust implementation? Zero Trust represents the security model of choice for both businesses and public organizations. However, IT decision-makers often struggle to implement Zero Trust on their business networks; sometimes, they feel challenged by the fundamental shifts in strategy and architecture Zero Trust demands.

Thankfully, practical Zero Trust implementation doesn’t require ripping out all your current security controls. In fact, with the right approach, you can realize the benefits of Zero Trust immediately.

To learn more, we take a look at The Forrester Report January 2020: A Practical Guide To A Zero Trust Implementation. This report, created by Forrester and provided by Okta, details the practical building blocks of successful implementation. 

What is Zero Trust? 

Zero Trust says explicitly that businesses and IT security teams should not trust any application or user connecting to the network. It does not matter whether the connection comes from within or outside the enterprise network—everything needs to undergo a rigorous verification process before receiving access. Every user, data source, and application remains untrusted until proven otherwise. 

To put this in analog terms, imagine going through the airport. Every step of the process requires checking IDs and verifying that your passport and other credentials match. You cannot board a plane until you go through this process.

Traditionally, capabilities such as single sign-on, multifactor authentication, and the principle of Least Privilege reinforce Zero Trust.    

Practical Zero Trust Implementation Advice from Forrester

For practical Zero Trust implementation, businesses should first understand that this is a marathon, not a sprint. Trying to move too quickly can actually contribute to unsuccessful implementations. Zero Trust architecture, which requires moving from a perimeter-based security model to one based on continuous verification, needs careful consideration. At a minimum, it necessitates new security investments or a shift in investments. Further, your business must determine the key players critical for your Zero Trust strategy.

Practical Zero Trust implementation must integrate existing security, IT and business projects. Forrester encourages enterprises to think of the implementation process in terms of phases. Phase 1 involves performing set-up and resourcing tasks as businesses build program benefits tracking and security maturity assessment. Meanwhile, Phase 2 includes implementing multifactor authentication and device security controls. 

Additionally, it might help to think about plotting maturity to discover your Zero Trust starting point. Often, this includes establishing your current baseline, identifying current business initiatives and existing security capabilities, and setting your desired maturity state. Also, it means setting a time frame to achieve your desired state.

Your business can also create roadmaps for Zero Trust implementation for workloads, devices, networks, and data. Of course, implementing Zero Trust should start with identity and device security. Forrester finds that this helps enterprises achieve early and rapid successes in their plans.

How to Learn More

You can learn more about Zero Trust implementation for your business. Start by downloading The Forrester Report January 2020: A Practical Guide To A Zero Trust Implementation; it is provided for free by identity management solution provider Okta.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.