Zero Trust Implementation

How to Implement Zero Trust

Implementing a Zero Trust model poses challenges. Every IT department sees the benefit of the increased security, but Zero Trust is not an out-of-the-box solution; it’s an approach. Transforming a traditional perimeter-based security infrastructure into a Zero Trust Architecture (ZTA) as defined by NIST 800-207 will not happen overnight. It must be implemented in distinct phases.

The cornerstone of implementation is having a clear idea of what rights each user should have to each of the company’s resources. Without this initial understanding, Zero Trust can’t be deployed effectively. However, once this groundwork is laid, the rollout can progress through further exploration and policy definition activities, then trials, and finally a fully live system.

Zero Trust Implementation Steps

1. Take Inventory

Start by taking stock of all your data stores, applications, assets, and services. This can be a lengthy process but can also uncover existing mechanisms that could facilitate Zero Trust implementation. For example, there could be useful data flow policies and enforcement controls already in place, such as routing and firewall capabilities.

2. Map Transaction Flows

Once you know your inventory, you need to map how each element (users, data, networks and apps) interacts with the others, so that these assets can be protected using properly enforced controls.

3. Define Zero Trust Policies

With resources and transaction flows fully understood, set up policies about which users can access what resources, which application they can use for this, when and where access is available, and the authentication methods (such as 2FA and MFA).

4. Begin Trials

Pick some low-risk systems to begin implementation by adding more granular controls using existing network protocols. Only give access between systems where it is required. Static control systems can be used as experiments leading towards implementing a dynamic Zero Trust access control system.

5. Build and Add

As trials prove successful, evaluation of centrally managed Zero Trust systems can begin. Once the traffic flow required for efficient business operations is understood, systems to enforce policy changes dynamically can be designed and rolled out, leading toward the full Zero Trust implementation.
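As an illustration of steps 3 and 4, the sketch below is an added example (not BlackBerry's or NIST's code) of a static, default-deny policy check covering the dimensions named in step 3: who, which resource, which application, when, where, and which authentication methods. The role names, resources, locations and factor labels are constructed placeholders, and grouping users into roles is an assumption.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Policy:
    role: str             # who (users grouped by role: an assumption)
    resource: str         # what
    apps: frozenset       # which application may be used
    start: time           # when access is available
    end: time
    locations: frozenset  # where access is available
    auth: frozenset       # factors that must all be presented

@dataclass(frozen=True)
class Request:
    role: str
    resource: str
    app: str
    at: time
    location: str
    factors: frozenset

# Constructed sample policies; every name here is hypothetical.
POLICIES = [
    Policy("finance", "payroll-db", frozenset({"payroll-web"}),
           time(8, 0), time(18, 0), frozenset({"hq", "vpn"}),
           frozenset({"password", "totp"})),
    Policy("engineer", "build-server", frozenset({"ssh"}),
           time(0, 0), time(23, 59), frozenset({"hq"}),
           frozenset({"ssh-key", "totp"})),
]

def evaluate(req, policies=POLICIES):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    candidates = [p for p in policies
                  if p.role == req.role and p.resource == req.resource]
    if not candidates:
        return False, "no policy for role/resource (default deny)"
    reason = ""
    for p in candidates:
        if req.app not in p.apps:
            reason = "application not permitted"
        elif not (p.start <= req.at <= p.end):
            reason = "outside permitted hours"
        elif req.location not in p.locations:
            reason = "location not permitted"
        elif not p.auth <= req.factors:
            reason = "missing factor: " + ",".join(sorted(p.auth - req.factors))
        else:
            return True, "permitted by policy"
    return False, reason
```

Logging the returned reason for every denial during a trial shows which legitimate transaction flows the policy set has not yet captured.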

Tips for Implementing Zero Trust

  • Ensure you have a clear idea about the resources the organization has available to users and which users should have access to what, including the level of access each user requires.
  • Related to the above, make sure you know what you want to protect.
  • Introduce Zero Trust in phases with the end goal of implementing it across all systems—otherwise, the intended security will be compromised.
  • Confirm you have robust network monitoring to provide holistic insights into user and resource access, historically and dynamically, in real time.
  • Train employees properly about new authentication processes and their value. 
  • Implement automated authentication like biometrics to provide a user-friendly Zero Touch implementation of Zero Trust.

Examples of Zero Trust Implementation

  • Multifactor authentication (MFA) protects access to data sources and applications.
  • The network is broken into smaller micro-segmented zones to maintain separate access.
  • User devices are monitored to ensure they are not compromised, and the latest security patches are applied, with access limited if checks fail.
  • User behavior is monitored, with departures from typical activities resulting in shorter periods before reauthentication is required.
  • Data access policies are tightly designed and dynamically adjusted for each user to prevent lateral movement from a network intruder.
  • User and resource activity is constantly monitored, with AI and ML applied to analytics information to provide insights into emerging threats.

Every security team wants Zero Trust—nobody gets or keeps access to anything until they prove and continue to prove who they are, that access is authorized, and they are not acting maliciously. That’s why organizations choose BlackBerry® Zero Trust Architecture powered by Cylance® AI to protect their people, data, and networks.