Moving to a zero trust environment is so important that CEOs may have to appoint a manager to complete their projects, says a senior IT executive.
“Showing leadership, demonstrating how important it is to the organization, putting someone in charge of getting to a zero trust stance is really critical. No matter how you demonstrate that to your stakeholders, it’s really critical someone stand up and say, ‘We’ve got do better at this, we have to do it comprehensively across the entire organization. And we have to do it soon because the threats aren’t getting easier to deal with.’”
Zero trust — a security strategy that assumes no one on the IT network should be trusted — is a philosophy, Engates emphasized, not a product. This is why it can take a while to implement, depending on an organization’s cybersecurity maturity.
Implementing that strategy can begin with ensuring cybersecurity basics are covered — starting with ensuring the organization’s DNS server filters known malware, and moving to identity management, access control, phishing-proof multifactor authentication and more.
Cloudflare has created a zero-trust roadmap with 28 steps in four phases. Not every organization needs to implement that much detail. But the point is, for some large firms, nailing down a zero-trust approach can take a while.
But, Engates said, it can be done in bite-sized chunks. “You can take what you need from a zero-trust architecture. Maybe you’re trying to secure your remote users or contractors. Start there (then) start with the applications that need the most security and work your way out.”
It doesn’t cost a lot for a small organization, he said, while larger ones can start small and expand over time.
Whatever way your firm decides, he said, “get started and get moving.”