George Wilkes
December 26, 2021
PODCAST: Getting Real About Zero Trust
Hype and marketing have created a buzz about Zero Trust that isn’t always true to its core. Contrary to what some believe, Zero Trust isn’t a product. So, what is it, exactly?
Zero Trust security is often a misunderstood and misused term. For the podcast series, Zero Trust Thirty, we break down what Zero Trust is and isn’t, explain its origin and offer ways you can start to frame it up within your organization.
Listen to the episode "Getting Real About Zero Trust" featuring Jason Garbis and Jerry Chapman, co-authors of Zero Trust Security: An Enterprise Guide, delivering insightful guidance on:
- Why organizations should think about Zero Trust security through the lens of identity
- The three core philosophies of Zero Trust security
- The differences between on-premises and cloud security
- The importance of the user experience when transforming cybersecurity
- How CISOs can get started in their Zero Trust security journey
What’s bugging our guests?
What’s bugging me? Just getting started on projects around Zero Trust whether it’s identity related, whether it’s network related, endpoint, mobile security—you pick it—cloud enablement. Getting started, that bugs me. Let’s just do this thing and move forward.
For me, it’s very similar. I think organizations do have that urgency around security and around moving forward with Zero Trust. But they sometimes stumble into this pit of despair around paralysis by analysis, which is, “OK, we want to do this. Now let’s spend all this time, months and months and months, looking around every possible asset.”
It’s a tough balancing act and I understand wanting to move quickly and wanting to not make mistakes … understand where you’re going and plan things out. But I think you can’t let perfect be the enemy of good. It’s important to get started, be nimble and adjust and adapt.
Three common Zero Trust security roadblocks and how to avoid them
Many are eager to start their Zero Trust security journey, but hesitate when thinking about complex issues like how to apply it to secure a hybrid workforce or how to stop attacks like ransomware. In this Zero Trust Thirty episode, Jason and Jerry share typical pain points and how to advance past them:
- Misunderstanding the depth of Zero Trust. Policies like microsegmentation or multi-factor authentication (MFA) are important tools, but Zero Trust is more holistic than that. There is no one-stop shop or quick solution. In fact, Zero Trust security isn’t so much about the technology as it is about adopting a mindset of verifying access between users and resources. This is a culture change that must come from the top of an organization and trickle down.
- Paralysis by analysis. Enterprises are wasting too much time evaluating a situation and not implementing Zero Trust security strategies. It’s daunting to audit your network and see holes and how many access control and networking mechanisms must be accounted for. Instead of inaction or contemplating if you really need to do this for the umpteenth time … just get started.
- Trying to boil the ocean. There’s an implementation maturity curve for Zero Trust security and it’s not feasible to do it all at once. Start by looking for one pain point in your organization or a new project that doesn’t yet have security infrastructure. Start small and scale from there. There is no big switch to flip. Build a road map so that, instead of taking on overwhelming tasks like restructuring a network, you take manageable steps to a more mature security posture.