2. How Expensive Is It to Implement Zero Trust?
Implementing zero trust requires substantial one-time and ongoing expenditures, but the hope is that the spending will reduce other costs by helping to prevent data breaches and other incidents.
Zero trust involves the entire technology stack, from physical hardware and networks to applications and users. Neglecting any layer of the stack in your zero-trust implementation will make that layer the new weak link for attackers to target.
Moving to zero trust isn’t something you can do all at once. It requires a transition over time; in most cases, that can take years. That makes the expense a little easier to handle, but it still may be a major strain. To help with this, make sure that zero-trust support is a consideration not only in your future technology procurements, but also in your internal technology projects.
3. How Much Retraining Will My Workers Need?
Security professionals will need additional training to understand the concepts, details and implications of zero trust, and how everything must work together to achieve it. Some security professionals may need training in particular types of technologies often used in zero-trust implementations, such as secure access service edge (SASE) solutions. Networking professionals may need similar training, as zero trust may require network architecture changes.
System administrators, technical support staff and others with security administration or support duties will also need training, mainly on basic zero-trust concepts and on any changes to the tools they use or the way they will do their jobs. Other technology and information workers may need additional training, but only on the specific tools, systems or other resources they are responsible for.
End users will also need some retraining, but much of this can be done in small pieces as necessary, such as teaching them how to use multifactor authentication instead of just a password, or how to use a SASE solution instead of a VPN for remote work. Sometimes the new way will even be easier than the old way.
4. Will Zero Trust Integrate with Existing or Legacy Technology?
For the most part, yes. For example, many operating systems already support the identification, authentication and authorization/access control features needed for zero trust. Much of your existing technology may already support zero trust, although your agency might not yet be using those features.
Legacy technology is less likely to be able to support zero trust directly, but that doesn’t necessarily mean you should plan to phase it out just for the sake of zero trust. In fact, you may find that you can use zero-trust concepts to provide stronger security for your legacy systems and software. For example, an agency can keep legacy resources strictly isolated from all others, except when access is absolutely necessary and the agency can establish sufficient confidence in the identity and integrity of the user, device, service or other resource seeking access.
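The isolation rule described above can be written as a default-deny access check placed in front of the legacy systems. This is an added example, not part of the original article; the resource names, fields and function names are hypothetical, and the inputs (MFA result, device health result, approved grants) are assumed to come from existing identity and endpoint tools.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed names for illustration; the article prescribes no schema or API.
LEGACY_SEGMENT = {"mainframe-payroll", "legacy-hr-db"}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_verified: bool      # identity confidence: strong authentication passed
    device_attested: bool   # integrity confidence: device passed a health check
    resource: str
    when: datetime

@dataclass(frozen=True)
class Grant:
    """A time-bounded approval recording that access is necessary."""
    user: str
    resource: str
    not_before: datetime
    not_after: datetime

def decide(req, grants):
    """Return (allowed, reasons). Every failed check is reported for audit."""
    if req.resource not in LEGACY_SEGMENT:
        # This gateway fronts only the isolated legacy segment.
        return False, ["resource is not behind this legacy gateway"]
    reasons = []
    if not req.mfa_verified:
        reasons.append("identity not established: MFA missing")
    if not req.device_attested:
        reasons.append("device integrity not established")
    has_grant = any(
        g.user == req.user and g.resource == req.resource
        and g.not_before <= req.when <= g.not_after
        for g in grants
    )
    if not has_grant:
        reasons.append("no current approved grant: access not shown to be necessary")
    # Allowed only when no check failed; there is no fallback allow path.
    return (not reasons), reasons
```

Because the function collects every failed condition instead of stopping at the first, the denial record shows whether the gap was identity, device integrity or missing approval.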
5. How Can I Add Zero Trust to an Ongoing Cybersecurity Upgrade?
Zero trust is heavily based on knowing what your digital resources are, including accounts, devices, data, systems, software, hardware and services, and having reliable mechanisms for verifying their identities and integrity. In any planned cybersecurity upgrade, pay particular attention to implementing strong authentication and the principle of least privilege. They will advance you along your zero-trust journey, and they’re sound practices to follow regardless of whether you’re pursuing zero trust.
Also look for opportunities to replace older generations of cybersecurity solutions with newer ones. An example is replacing legacy VPN solutions with more flexible solutions that better support zero trust, such as SASE.
Every journey begins with a single step. Take your first step today.