How Do I Start My Zero Trust Implementation?

This topic answers the fundamental question for any deployment activity: “Where do I start?”
Education and collaboration begin the journey to Zero Trust security. You and other stakeholders who will identify what’s valuable to your business and how to protect it need to understand Zero Trust concepts, principles, and goals.
  1. Create a Zero Trust Center for Excellence. This is a cross-functional team of business leaders (business and technical decision makers), IT, information security, infrastructure, application developers, and other stakeholders. The team defines and identifies each protect surface and the data, applications, assets, and services (DAAS elements) that make up each protect surface. They prioritize the most valuable protect surfaces for your business and plan and implement the Zero Trust strategy. The team remains involved in maintaining the deployment as the business changes. Business leaders can speak to desired business outcomes, compliance requirements, and the value of business assets.
  2. Follow The Five-Step Methodology to map the segmented network you want to build.
  3. Start the transition with one or more small, well understood, low-risk (not critical to business operation) segments to learn from the experience. Don’t start with critical assets. Next, test your learning on one or more practice segments. When you feel ready, place your most business-critical protect surfaces (the DAAS elements that make up the protect surface) in Zero Trust microperimeters, one microperimeter per protect surface. After that, convert the next most valuable set of protect surfaces to Zero Trust, etc.

Recommended For You