How to Develop a Zero Trust Strategy
So how do you move toward Zero Trust Identity? The first step is to begin with an assessment. You need to understand your asset universe and where sensitive data resides. You’ll need to begin by gaining a thorough understanding of the IT asset and identity ecosystem that spans your organization. Where do mission-critical, sensitive, and regulated data reside? Then, determine who has access to those assets. Among those users, how many have elevated privileges? Are these standing privileges?
Next, you’ll want to focus on how access policies are administered and enforced. The least mature organizations are those that configure access and assign attributes manually that enforce static security policies, and that lack integrated access governance and privileged access management capabilities as well as cross-organizational visibility. Organizations that are beginning to centralize visibility, identity management, and policy enforcement will be further along the road to Zero Trust, particularly as they become better able to enforce least privilege access automatically.
Once you’ve centralized policy administration and enforcement, the next step is clean-up. Conducting an organization-wide analysis to determine where there is excessive access will enable you to limit and ultimately remove it. How many (if any) of your existing security policies are implemented in a least privilege manner?