Zero Trust can be intimidating: there are many discussions of it and a seemingly endless set of answers, changing with each vendor in the Zero Trust architecture stack.
From studying successful Zero Trust implementations, we developed the following key questions to help you better assess the critical services and vendors you partner with on Zero Trust:
Question 1: Are you NIST 800-207 compliant?
This ensures that you don’t have to change your architecture if you switch vendors. The NIST framework is independent of any single vendor technology.
Question 2: How do you protect against threats to…?
- human (users, privileged users) credentials
- non-human credentials (service accounts)
- the identity store (e.g. Active Directory protocol attacks)
Identity is critical for stopping breaches, and knowing how identity is incorporated is critical to ensuring Zero Trust succeeds.
Question 3: Do you implement a risk-based policy approach for Zero Trust?
Since Zero Trust requires continuous validation, simply inserting MFA into every transaction is impractical for users and does not scale for applications. Policy actions must therefore be based on dynamic risk models and challenge only when risk changes, at the device or user level. This provides continuous validation without compromising the user experience.
Question 4: What data can you process, in real-time, without having to create huge log files?
In order for Zero Trust policy to execute effectively (e.g. automating context per NIST guidelines discussed earlier), identity security data must be processed in real-time, avoiding the need to dump large amounts of data for post-analysis – which is too late and too costly. In addition, correlation between devices and users is critical for understanding an attack story.
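The risk-based policy from Question 3, correlated per user and device as Question 4 describes, as an added example that is not part of the original post or any vendor's product. The signals, weights and tiers are constructed for illustration; the point is that step-up MFA is issued only when a session's risk tier rises, not on every request.

```python
"""Risk-based Zero Trust policy: challenge only when risk changes (added example)."""
from dataclasses import dataclass, field

# Constructed risk weights; device- and user-level signals score into one model.
DEVICE_SIGNALS = {"new_device": 30, "unmanaged": 20, "posture_failed": 40}
USER_SIGNALS = {"privileged": 10, "impossible_travel": 50, "credential_alert": 100}

def risk_tier(score: int) -> str:
    """Map a numeric score to a tier; only tier changes trigger a policy action."""
    if score >= 100:
        return "critical"
    if score >= 60:
        return "high"
    if score >= 30:
        return "medium"
    return "low"

@dataclass
class PolicyEngine:
    # Last tier seen per (user, device) pair: the correlation key, kept in memory
    # so decisions are made on the live event rather than from a log dump later.
    state: dict = field(default_factory=dict)

    def evaluate(self, event: dict) -> str:
        key = (event["user"], event["device"])
        score = sum(DEVICE_SIGNALS.get(s, 0) + USER_SIGNALS.get(s, 0)
                    for s in event.get("signals", []))
        tier = risk_tier(score)
        previous = self.state.get(key, "low")
        self.state[key] = tier
        if tier == "critical":
            return "deny"        # e.g. a credential compromise alert: block outright
        if tier in ("medium", "high") and tier != previous:
            return "challenge"   # step-up MFA only because risk rose for this pair
        return "allow"           # unchanged or reduced risk: no added friction

def run(events):
    engine = PolicyEngine()
    return [engine.evaluate(e) for e in events]

# Constructed event stream for one user on one laptop over a session.
EVENTS = [
    {"user": "alice", "device": "lt-01", "signals": ["new_device"]},
    {"user": "alice", "device": "lt-01", "signals": []},
    {"user": "alice", "device": "lt-01", "signals": ["posture_failed"]},
    {"user": "alice", "device": "lt-01", "signals": ["posture_failed"]},
    {"user": "alice", "device": "lt-01", "signals": ["posture_failed", "impossible_travel"]},
    {"user": "alice", "device": "lt-01", "signals": ["credential_alert"]},
]

if __name__ == "__main__":
    print(run(EVENTS))  # ['challenge', 'allow', 'challenge', 'allow', 'challenge', 'deny']
```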
Question 5: Do you do more than just Zero Trust Network Access?
Some organizations claim that Zero Trust is simply Zero Trust Network Access (ZTNA, the next-generation VPN access). However, this is not a critical element of the Zero Trust framework. It is important to update and secure access methods to various environments, but because Zero Trust is a no-trust framework, it must include endpoint, identity, workload and other components to be a reliable solution. ZTNA is only a small portion of a Zero Trust framework.
Question 6: Can you extend your Zero Trust platform to support my existing vendors and investments?
And what about my SOAR and SIEM infrastructure? And email and Secure Web Gateways? A well-developed Zero Trust platform will include pre-built integrations and APIs for major SIEM and SOAR vendors (e.g. Splunk Phantom and Palo Alto Networks' Demisto), identity providers (e.g. AD, ADFS, Azure AD, Okta, Ping Identity, SSO), CASB vendors for SaaS protection (e.g. Zscaler and Netskope), and other connections, so that you can leverage the data and systems you already have.
Question 7: How do you protect against unmanaged systems or legacy systems?
Zero Trust is only effective if it can protect all your users, including contractors and supply chain vendors whose endpoint devices you may not be able to manage with agents. In addition, legacy systems may need MFA but may not support it natively.