Page 230 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
The continuous improvement of Zero Trust in theory and practice has gone beyond micro-segmentation
and the software-defined perimeter and has evolved into adaptive identity-based security solutions.
Steps to building Zero Trust for a perimeter-based network
For an organization looking to deploy Zero Trust, a survey of assets, subjects, data flows, and workflows
is a good place to start. This will provide enterprises with detailed information on the current state of
assets before introducing any new business processes. The implementation of ZTA can be broken down
into several steps:
Identify enterprise subjects: The policy engine must possess knowledge regarding all enterprise subjects,
especially privileged users. The architecture is built in an inclusive way to provide IT administrators the
flexibility to perform business-critical tasks.
Identify enterprise-owned assets: A key component of ZTA is identifying and monitoring both
enterprise-owned and non-enterprise-owned devices on the enterprise network. Hardware components,
virtual assets and BYOD assets are continuously logged and monitored to ensure that the policy engine
has detailed information while making resource access decisions.
Identify key processes: The enterprise identifies business processes and ranks them by their perceived
importance. Low-risk business processes are transitioned during the initial migration, whereas
mission-critical processes are migrated later. In a perimeter-based architecture, it is often difficult to make
enterprise resources available to remote employees. In such cases, transitioning cloud-based resources
to Zero Trust architecture improves availability and security for remote employees. The policy enforcement
points ensure that all subject requests follow access policies to gain access to resources.
Creating policies for the Zero Trust environment: The enterprise identifies the value of subjects,
workflows, and business processes based on the risk associated with them. After this point, the IT
administrators determine which trust algorithm variation can be followed to ensure that all enterprise
policies are extensive and effective.
Identify solutions: The enterprise architects decide on the deployment model and the solution
components based on key business processes and their valuation.
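The following sketch is an added example, not code from the article: it shows how the inventories from the steps above (subjects, assets, ranked processes) feed a policy engine's access decision. The two trust algorithm variations, criteria-based and score-based, are taken from NIST SP 800-207 as an assumption about what the article means; all names, weights and thresholds are constructed.

```python
from dataclasses import dataclass

# Inventories are constructed sample data, not taken from the article.
@dataclass(frozen=True)
class Subject:
    privileged: bool
    mfa_passed: bool

@dataclass(frozen=True)
class Asset:
    enterprise_owned: bool
    patched: bool

@dataclass(frozen=True)
class Resource:
    risk: str         # "low" or "critical", from the process-ranking step
    admin_only: bool

SUBJECTS = {"alice": Subject(True, True), "bob": Subject(False, True)}
ASSETS = {"laptop-01": Asset(True, True), "byod-07": Asset(False, True)}
RESOURCES = {"wiki": Resource("low", False), "payroll-db": Resource("critical", True)}

def criteria_based(s, a, r):
    """Allow only if every criterion holds; return (allow, failed criteria)."""
    failed = []
    if not s.mfa_passed:
        failed.append("mfa")
    if not a.patched:
        failed.append("asset_unpatched")
    if r.admin_only and not s.privileged:
        failed.append("not_privileged")
    if r.risk == "critical" and not a.enterprise_owned:
        failed.append("byod_on_critical")
    return (not failed, failed)

def score_based(s, a, r):
    """Weighted confidence score compared with a per-risk threshold."""
    if r.admin_only and not s.privileged:
        return (False, ["not_privileged"])
    score = 40 * s.mfa_passed + 30 * a.patched + 30 * a.enterprise_owned
    needed = {"low": 60, "critical": 100}[r.risk]
    return (score >= needed, [] if score >= needed else [f"score {score} < {needed}"])

def decide(subject, asset, resource, algorithm=criteria_based):
    """Policy engine: deny by default when any party is not in the inventory."""
    try:
        s, a, r = SUBJECTS[subject], ASSETS[asset], RESOURCES[resource]
    except KeyError as missing:
        return (False, [f"unknown:{missing.args[0]}"])
    return algorithm(s, a, r)
```

The default-deny branch in decide() is why the inventory steps come first: a subject or device the policy engine has never recorded cannot be evaluated, so it is refused.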