To build zero trust cybersecurity capabilities, CISOs need to:
- Define ZT in terms that are accessible to senior executives and the board of directors, business peers, IT leaders and professionals, and security teams.
- Articulate the ways that ZT addresses business objectives.
- Prioritize across the wide range of activities and investment areas essential to effective ZT infrastructure and operations.
- Secure corporate endorsement and executive sponsorship for ZT strategies.
- Parse through the nearly infinite array of ZT technologies and management imperatives and plot a path that combines new capabilities with rationalization of current (and potentially redundant or unneeded) controls, products, and vendors.
- Provide a metrics strategy that informs the board of directors and senior leadership team, delivers a clear understanding of security posture and needs to IT and security management, and provides actionable guidance and measurement to the teams responsible for day-to-day security activities.

With this breadth of requirements, CISOs often view ZT as “a continuous journey.” It isn’t a distinct project with a defined endpoint but a means of evolving security controls to meet current and anticipated needs. CISOs able to navigate the complex ZT web of business, technical, and strategic requirements will help their firms move faster and more surely through a market that is changed daily by M&A, regulation, new competitors and trading partners, and shifting customer demand. These CISOs will not simply defend their corporate assets—they will position security as a source of competitive advantage in the digital world.