Page 191 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
P. 191
1. Map the environment.
Mapping the environment gives IT teams a clearer picture of the task ahead. With most companies
containing many moving parts, start with one application or workload to get a grasp on the number of
users, amount of traffic, required applications, and connections between all entities.
2. Define trust zones.
Trust zones are basically data assets that should be segmented, monitored, and protected as units, falling
under a set of access policies. Automation can assist in identifying trust zones by looking at workloads
in the same network segment, but always make sure to have human administrators verify that zones
align with business practices.
3. Create security policies.
Security policies will dictate access not only to assets, but also between trust zones. Powerful policy
engines will help by recommending policies, which will streamline the process.
4. Observe traffic between trust zones.
Schedule an observation period to capture the traffic patterns between established trust zones. You may
find that certain parties need access to perform urgent tasks, and setting authentication boundaries
between these zones could impact mission-critical activities. This is part of “building the muscle,” which
will get stronger over time.
5. Monitor and refine zones and policies.
Applications come and go. Workflows change. Team members are always on the move. Naturally, you’ll
need to track and adapt the policies that protect high-value assets. It’s important to build in some flexibility
and adaptability into Zero Trust architecture and the security tools used to enforce authentication.
For the ultimate breakdown of Zero Trust best practices and implementation, download a free copy of
the first and only “Definitive Guide to Zero Trust Security.”
Best Practices for Zero Trust Implementation:
With Zero Trust implementation being a new initiative, the chances are good that your organization will
experience some growing pains with Zero Trust architecture. This isn’t uncommon — nor should it serve
as an excuse to abandon the new measures. In our experience, these tactics can often be of benefit:
1. Go zone by zone.
“Boiling the ocean” is never a good idea with Zero Trust architecture. Instead, enforce policies trust zone
by trust zone. Perhaps start with your highest-value application and expand out from there.
191