Despite acknowledging its security benefits, many organizations hesitate to implement a Zero Trust model.
The primary concern is that “brownfield” environments carry too much technical debt to overcome, so Zero Trust can be applied only to net new (greenfield) environments.
Further, organizations assume benefits can be realized only when everything has been Zero “Trustified” all at once — that there’s no in-between state on the road to Zero Trust that’s beneficial and achievable.
According to Forrester’s Zero Trust framework, to achieve a complete Zero Trust posture, an organization must:
1. Implement least-privilege access across all workloads, networks, people, devices and data.
2. Ensure these controls are fully driven and maintained through automation.
3. Leverage visibility as a facilitator for #1 and #2.
4. Monitor continuously to maintain the integrity of the Zero Trust state.
That’s quite a task. No wonder some companies choose to defer putting it into practice. But what if, instead of taking the “all or nothing” waterfall approach to delivering Zero Trust, we took a more incremental, agile approach that allows an organization to take small, realistic steps toward achieving Zero Trust?