Where to start when implementing a Zero Trust security model for an enterprise?


Please share your expertise and experience with the community on how to start implementing a Zero Trust model in an enterprise.

Thank you!

22 Answers

author avatar
Top 5LeaderboardReseller

What is zero trust?

Assume zero trust when someone or something requests access to work assets. You must first verify their trustworthiness before granting access. Zero Trust is rapidly becoming the security model of choice for many organisations; however, security leaders often struggle with the major shifts in strategy and architecture required to holistically implement Zero Trust.

As Zero Trust security itself is a strategy, so too is its deployment. The best approach to reaching a Zero Trust framework is to start with a single-use case, or a vulnerable user group, for validation of the model.

Main Pillars of Zero Trust and where to start

1. Inventory of Devices ( HW and SW Asset )

2. Identities ( Visibility and Management of Users ) – including internal and external workforce, services, customer access and IOT components

3. Privilege Account and Access Management, Least Privileges for std users

4. NAC, Visibility of Devices connected to your network- and enforcing device health and compliance

5. Apps and APIs – ensuring they have appropriate permissions and secure configurations

6. Endpoint Management Solution

7. Data – giving it the necessary attributes and encryption to safeguard it.

8. Networks – establishing controls to segment, monitor, analyse and encrypt end-to-end traffic

author avatar
Community Manager

@ABHILASH TH, thank you for this detailed answer.

author avatar
Community Manager

Hello @JacquesBodenstein ​, @Mike Hancock. Perhaps, you can help? Thanks

Find out what your peers are saying about CyberArk, One Identity, Thycotic and others in Privileged Access Management. Updated: May 2021.
479,894 professionals have used our research since 2012.