
Challenges of Adopting Zero Trust

Why adopting a Zero Trust approach is not as straightforward as it might appear

Written by Steven Daniëls and David Morimanno, thought leaders at Xalient Group.

The world has changed. With the move to hybrid working, the rapid adoption of cloud, increased use of mobile and IoT devices, and more, every organization’s attack surface has expanded and businesses are finding it harder than ever to protect their networks and digital assets.

This will undoubtedly be the central theme for this year’s Cybersec Europe. Taking place on May 29th and 30th in Brussels, the event focuses on equipping businesses with the knowledge and solutions to secure their digital assets and enhance cyber resilience.

Beyond Securing Assets: A Holistic Approach

But it is not just about securing assets. Traditional boundaries have blurred between businesses, suppliers, customers, workers, and home-life. Organizations must have all the appropriate governance and systems in place so they can view cybersecurity from a holistic and integrated perspective. This is where a Zero Trust strategy with identity at its core is essential.

The Principle of Zero Trust

Organizations that adopt Zero Trust principles assume every connection, device, and user is a potential cybersecurity threat. By eliminating implicit trust, the Zero Trust model advocates for a security policy in which nobody is inherently deemed safe, regardless of role or responsibility.

Zero Trust security offers a new way of securing access and IT leaders are embracing it. In a recent study, organizations with a mature Zero Trust implementation scored 30% higher in security resiliency than organizations without a Zero Trust strategy.

Zero Trust Implementation – The Challenges

While this all sounds great on paper, in practice such an approach is inherently hard for organizations to achieve. Many don’t understand all the different aspects of their security infrastructure well enough to implement a holistic Zero Trust approach. I say this because most organizations approach security from a siloed perspective, as do most vendors. No single vendor has every aspect of Zero Trust covered; vendors deliver various solutions, from identity to access control to micro-segmentation to endpoint verification to network access to real-time monitoring.

Likewise, within the organization different teams will be delegated different security tasks. For example, network management and identity management often sit in separate teams. This may require a significant shift in organizational culture, set-up and security strategies, which can be complex and necessitate buy-in from several different levels. Substantial changes to existing network infrastructure may be required, which can be costly and time-consuming. Achieving comprehensive visibility and control over all network connections can be technically challenging, especially in complex environments.

Xalient’s Holistic Approach to IAM

Xalient looks at identity and access management from every angle: how accounts, whether they belong to a person, system or process, get in through the network and via devices, as well as their behavior, governance, and so much more. This is because Xalient has years of proven experience in identity, cybersecurity and networking, with the acquisition of Grabowsky and Integral Partners having further deepened its IAM expertise. This cross-domain capability makes it possible to look beyond siloed teams. For example, Xalient’s AIOps solution MARTINA has the capability to predict anomalies in behaviors around privileged access accounts.

Tailored Solutions for Digital Transformation

For example, one of our clients is transitioning from a physical business to a global digital platform. This digital transformation involves various solutions and vendors for different aspects of the project. The current challenge they face is how to integrate all these components and derive value from them. We are dedicated to helping our clients visualize their desired outcome and outlining the necessary steps to successfully implement this crucial transformation. Our expertise encompasses networking, security, and identity, and our strong managed service capability uniquely positions us to support them throughout this process.

We have another client where privileged access management is important. They are involved in secrets management, which means making sure their DevOps environment, where secrets are used in their software development, is used appropriately. We helped them successfully deploy this project and now we are preparing for a Zero Trust workshop. Together we are plotting the steps towards the future, making sure their cybersecurity team takes all the different aspects into consideration. We can do this as we have hands-on experience in so many different aspects of identity security and networking.

Our top six considerations when adopting a Zero Trust approach with identity at its core include:

  1. Make sure you encompass all identities into your road map. This includes third party access, vendor management, partners, employees, contractors – all identities must be handled appropriately.
  2. Understand your organization’s critical digital assets, categorize them based on sensitivity, and correlate access needs with job positions. This step aids in prioritizing security efforts and detecting vulnerabilities through a security risk assessment.
  3. Restrict user access using the principle of least privilege. Implement access control policies, leverage identity management, and conduct regular access reviews to align permissions with job responsibilities.
  4. Understand your risk posture and spend your euros wisely. This means having a complete understanding around access and a comprehensive road map. The challenge today is that most CISOs are so busy with different aspects of legislation, compliance and risk management that they don’t have time to focus on the bigger picture. It is critical that they make time.
  5. There is a shortage of qualified, specialist personnel. Therefore, be clear on what topics and intelligence you want to retain within the organization and what you could outsource. For example, Privileged Access Management is complex and your organization probably doesn’t need this level of specialist expertise, so outsource to the experts.
  6. Remember the importance of communication within the business security teams which is vital to building internal support. To achieve this, security teams must inform and guide users through the phases of the Zero Trust implementation while continuing to emphasize the benefits to them.

With this vision and understanding, the steps to success become more achievable. Here at Xalient we can deliver not only a managed service but a single point of contact for different aspects of your Zero Trust journey so you have one contact managing different aspects and vendors.

Join us at Cybersec Europe 2024

If you are interested in learning more about Xalient’s approach to Zero Trust why not listen to our talk: “Why Zero Trust starts with identity” at Cybersec, which is being held on Wednesday, 29th and Thursday, 30th May at 14.45 pm in Theatre 7. Or you can find us on stand 05.A042.

Steven Daniëls MD – European Identity Practice, Grabowsky a Xalient Company
David Morimanno, Director of IAM Technologies at Integral Partners, LLC, a Xalient Company
