The Five Steps to Approaching Zero Trust
Implement Zero Trust strategy with a five-step approach
that takes you from identifying critical elements to protect to
architecture to maintenance.
The five-step approach to a Zero Trust strategy creates a logical, clear path to
protecting your environment, data, applications, infrastructure, services, and users.
The way you apply the strategy depends on the assets that you’re protecting (location,
risk if compromised, value to the business, access requirements, etc.) and your business
requirements, but the outcomes you’re working toward are similar:
Segment the network effectively and efficiently to prevent lateral movement across your network
if there is a security issue.
Protect business-critical data and infrastructure from unauthorized applications and users to
reduce attack vectors.
Protect business-critical applications from unauthorized access and usage to reduce attack
vectors.
Enforce consistent security policy seamlessly across your enterprise—networks, clouds, and
endpoints—to simplify management and provide the same level of access and
security to users across all use cases. The same security policy applies to
users wherever they go in your network so that enforcement is consistent across
the network.
The five-step approach works across your entire enterprise, whether you’re implementing a Zero
Trust strategy in the cloud, on a private network, or on endpoints. The following
sections describe each of the five steps and how to accomplish them.
- Step 1: Asset Discovery and Prioritization: What users, devices,
infrastructure, applications, data, and services are in your network.
- Step 2: Map and Verify Transactions: Understand how users,
applications, data, and infrastructure interact.
- Step 3: Standards and Designs: Your architectural framework and
your strategic approach to implementing that framework.
- Step 4: Implementation: How to use your standards and designs and the
information about your assets, prioritization, and transactions to implement Zero
Trust principles on your network.
- Step 5: Report and Maintenance: How to maintain your Zero Trust
implementation.