Taking the Zero Trust Journey in Steps
“Don’t look down,” I said. He looks down. They always look down. I have to remember not to say that.
“Your deck doesn’t look that bad,” my friend said. “I wouldn’t have noticed until you pointed it out.”
See, I bought a house with the purpose of entertaining. The problem? My wife actually insists on entertaining. I have a long backlog of repairs and upgrades, including my outside deck. Every 4-6 weeks, my wife says, “We’re having people over.” And I say, “We can’t, we’re not ready.”
I protest, pointing at the backlog. We go back and forth, settling on a minimum viable state for the house for the next event. I stress. We take an item off the backlog. We have the party. I’m happy, thinking all this entertaining is done. Then another 4-6 weeks goes by and, well, you can guess the rest.
Back to the outdoor deck party — I explain this cycle to my friend. He’s a CISO in manufacturing. We exchange tips, intertwining tech with home repairs. And as we talk, it dawns on me. I’m scrumming my house parties. Agile home maintenance! Of course! I excitedly tell this insight to my wife. She humors me, then politely excuses herself when we get to zero-trust comparisons.
In cybersecurity, we like our multi-year roadmaps. In home improvements, we like our long-term plans. For both, we like to get everything squared away before inviting people in. That’s simply not feasible in most cases.
Zero Trust: Going Beyond the Perimeter, the white paper we recently released, recognizes that the real world gets in the way of the ideal world. The paper explores securing people in the workforce, application workloads, and equipment in the workplace. We provide maturity models for all three.
The first stage of the maturity model is to scope tightly. Determine the priority, pick an item off the backlog, implement it, rinse and repeat. Sadly, there’s no “have a party and admire the work” step in Zero Trust: Going Beyond the Perimeter. There should be. I’m making a note.
A CISO who is responsive and strategic is a CISO who has structured their roadmap in sprints. Priorities change. Stakeholders’ interests shift. The tactics of the criminals and the curious aren’t all that predictable, either. By planning the journey to Zero Trust around staged deployments tied to organizational objectives, CISOs can make steady progress while remaining flexible.
Take it one step at a time, always looking forward. Just don’t look down. Never look down.
Download the guide, Zero Trust: Going Beyond the Perimeter, now and learn about each pillar, the risks it addresses, options for implementation, and proposed maturity levels.