Tired: Zero Trust is a Journey
Wired: Zero Trust is a Transformation
Inspired: Zero Trust is About Relationships
So many CIOs and CISOs I engage with are over it. They’re done with hearing from vendors who endlessly repeat the phrase “zero trust is a journey.” Yes, it’s true that implementing zero trust principles across your users, devices, apps, clouds, and data doesn’t happen overnight. Anyone who tells you otherwise is not being honest.
That said, thinking of zero-trust security as a journey adds fuel to the Sisyphean fire. It provides no guidance for helping you know if you’re pointed in the right direction, choosing the right paths to take, how well you’re doing, or how long it will take to arrive at your destination. Are we rolling the same boulder up the hill every day, or are we making progress? Who knows.
Adopting a zero-trust architecture across your enterprise is transformational. It requires a change in mindset, not just in toolset.
No matter what a vendor tells you, zero trust cannot be solved quickly or with technology alone. The transformation zero trust inspires is one that requires a change across people, process, and technology. It demands strong relationships within the organization, even as the transformation strengthens those relationships. Cultural changes as well as operational are on the table.
Yes, that’s a tall order. But not impossible.
Anytime one is faced with a transformational challenge, it’s useful to consult others who have made progress and have found the quick wins. How do they do it? What are some common practices that others can replicate for their own zero trust goals?
According to recent analysis based on data from the Security Outcomes Study, Volume 2, zero trust progress can be achieved no matter the level of complexity in the IT infrastructure. Across the spectrum of simple to complex IT environments, organizations can simultaneously make progress towards zero trust security while also improving outcomes.
In fact, those organizations who report making progress towards zero trust or have mature implementations of zero trust all focus on well-defined outcomes: from gaining executive confidence to creating a security culture, from streamlining IR processes to meeting compliance, and more.
Teams with more mature implementations of zero trust have achieved outcomes consistent with building security resilience by prioritizing these practices:
- Accurate threat detection
- Proactive tech refresh
- Prompt disaster recovery
- Timely incident response
- Well-integrated tech
Other findings from this guide:
- Relationships are tied to zero trust successes. Organizations that claimed to have a mature implementation of zero trust were 2X more likely to report excelling across desired outcomes such as greater executive confidence (47%), peer buy-in (45%), keeping up with the business (46%) and creating a security culture.
- Zero trust progress can be achieved no matter the size of an organization or the level of complexity in the IT infrastructure. Across the spectrum of simple to complex IT environments, we discovered that organizations, large or small, can make measurable progress towards zero trust security.
- Organizations that reported a mature implementation of zero trust were more than twice as likely to achieve business resilience (63.6%) than those with a limited zero trust implementation.
- Organizations with modern IT infrastructures were more than twice as likely to have a mature implementation of zero trust.
- Integrations drive zero trust maturity. And even within organizations that chose integrations, a platform approach of sourcing integrated technology from a preferred vendor was prioritized by 51% of organizations with mature implementations of zero trust compared to out-of-the-box integration at 28.8%.
- Organizations with mature zero trust implementations leverage automation (64.4%) in order improve the actions a zero-trust security model can take.
There are many more lessons learned in Cisco’s Guide to Zero Trust Maturity: How to Find the Quick Wins. Download it today to help you determine where you are today with zero trust, how to gain momentum, and continue to make progress towards zero-trust security.
Guest blog courtesy of Cisco Systems.