Our systems detected an issue with your IP. If you think this is an error please submit your concerns via our contact form.

Security icon

Build a Zero Trust Roadmap

Leverage an iterative and repeatable process to apply zero trust to your organization.

  • Many IT and security leaders struggle to understand zero trust and how best to deploy it with their existing IT resources.
  • The need to move from a perimeter-based approach to security toward an “Always Verify” approach is clear. The path to getting there is complex and expensive.
  • Zero trust as a principle is a moving target due to competing definitions and standards. A strategy that adapts evolving best practices must be supported by business stakeholders.
  • Full zero trust includes many components. Performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.

Our Advice

Critical Insight

Apply zero trust to key protect surfaces. A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

Impact and Result

Every organization should have a zero trust strategy and the roadmap to deploy it must always be tested and refined. Our unique approach:

  • Assess resources and determine zero trust readiness.
  • Prioritize initiatives and build out roadmap.
  • Deploy zero trust and monitor with zero trust progress metrics.

Build a Zero Trust Roadmap Research & Tools

1. Build a Zero Trust Roadmap Deck – The purpose of the storyboard is to provide a detailed description of the steps involving in building a roadmap for implementing zero trust.

The storyboard contains five easy-to-follow steps on building a roadmap for implementing zero trust, from aligning initiatives to business goals to establishing metrics for measuring the progress and effectiveness of a zero trust implementation.

2. Zero Trust Protect Surface Mapping Tool – A tool to identify key protect surfaces and map them to business goals.

Use this tool to develop your zero trust strategy by having it focus on key protect surfaces that are aligned to the goals of the business.

3. Zero Trust Program Gap Analysis Tool – A tool to perform a gap analysis between the organization's current implementation of zero trust controls and its desired target state and to build a roadmap to achieve the target state.

Use this tool to develop your zero trust strategy by creating a roadmap that is aligned with the current state of the organization when it comes to zero trust and its desired target state.

4. Zero Trust Candidate Solutions Selection Tool – A tool to identify and evaluate solutions for identified zero trust initiatives.

Use this tool to develop your zero trust strategy by identifying the best solutions for zero trust initiatives.

5. Zero Trust Progress Monitoring Tool – A tool to identify metrics to measure the progress and efficiency of the zero trust implementation.

Use this tool to develop your zero trust strategy by identifying metrics that will allow the organization to monitor how the zero trust implementation is progressing, and whether it is proving to be effective.

6. Zero Trust Communication Deck – A template to present the zero trust template to key stakeholders.

Use this template to present the zero trust strategy and roadmap to ensure all key elements are captured.

8. Beyond the Perimeter: Securing Your Network With Zero Trust and Zero Standing Privileges Deck – Examine zero trust security and gain a better understanding of the need for a zero trust roadmap to accomplish organizational goals.

A shift from focusing on the attack surface to the protect surface will help organizations implement an inside-out architecture that protects critical infrastructure, prevents the success of any attack, makes it difficult to gain access, and links directly to business goals. Explore the importance of zero trust and zero standing privileges.

Learn more in this Info-Tech LIVE 2024 presentation


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

9.5/10


Overall Impact

$54,343


Average $ Saved

35


Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Neptune Technology Group Inc.

Workshop

10/10

$34,250

50

Brian Clarck is one of a kind, Very technical, professional, articulated and committed with the overall project. Was a pleasure working with him an... Read More

Focused Education Resources

Guided Implementation

10/10

$10,000

2

Excellent introduction and recommendations from Jon.

Flight Centre Australia

Workshop

9/10

$123K

35

Worst: discovering how fragmented and siloed our knowledge of Zero Trust and our environment was Best: seeing how the facilitated session drove co... Read More

Fujitsu Caribbean Jamaica

Guided Implementation

10/10

$13,712

10

I greatly appreciated how clear all the engagements were in terms of what should be expected at the end and being able to get clarifications along ... Read More

NASA

Workshop

10/10

$137K

110

Each workshop participant with whom I spoke relayed how valuable an experience it was to work through the exercises. The best part of the experienc... Read More

FirstRand Bank Ltd.

Guided Implementation

8/10

$7,799

5

The material was very practical and easy to operationalise. Thank you Victor!


Workshop: Build a Zero Trust Roadmap

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Define business goals and protect surfaces

The Purpose

Align business goals to protect surfaces.

Key Benefits Achieved

A better understanding of how business goals can map to key protect surfaces and their associated DAAS elements.

Activities

Outputs

1.1

Understand business and IT strategy plans.

1.2

Define business goals.

1.3

Identify five critical protect surfaces and their associated DAAS elements.

1.4

Map business goals and protect surfaces.

  • Mapping of business goals to key protect surfaces and their associated DAAS elements 

Module 2: Begin gap analysis 

The Purpose

Identify and define zero trust initiatives.

Key Benefits Achieved

A list of zero trust initiatives to be prioritized and set into a roadmap.

Activities

Outputs

2.1

Assess current security capabilities and define the zero trust target state for a set of controls.

  • Security capabilities current-state assessment
  • Zero trust target state
2.2

Identify tasks to close maturity gaps.

  • Tasks to address maturity gaps
2.3

Assign tasks to zero trust initiatives.

Module 3: Complete gap analysis  

The Purpose

Complete the zero trust gap analysis and prioritize zero trust initiatives.

Key Benefits Achieved

A prioritized list of zero trust initiatives aligned to business goals and key protect surfaces.

Activities

Outputs

3.1

Align initiatives to business goals and key protect surfaces.

  • Zero trust initiative list mapped to business goals and key protect surfaces
3.2

Conduct cost/benefit analysis on zero trust initiatives.

3.3

Prioritize initiatives.

  • Prioritization of zero trust initiatives

Module 4: Formulate policies and finalize roadmap

The Purpose

Finalize the zero trust roadmap and begin to formulate zero trust policies for roadmap initiatives.

Key Benefits Achieved

A zero trust roadmap of prioritized initiatives.

Activities

Outputs

4.1

Define solution criteria.

4.2

Identify candidate solutions.

4.3

Evaluate candidate solutions.

4.4

Finalize roadmap.

  • Zero trust roadmap
4.5

Formulate policies for critical DAAS elements.

  • Zero trust policies for critical protect surfaces
  • Method for defining zero trust policies for candidate solutions
4.6

Establish metrics for high-priority initiatives.

  • Metrics for high-priority initiatives

Build a Zero Trust Roadmap

Leverage an iterative and repeatable process to apply zero trust to your organization.

EXECUTIVE BRIEF

Analyst Perspective

Internet is the new corporate network.

For the longest time we have focused on reducing the attack surface to deter malicious actors from attacking organizations, but I dare say that has made these actors scream “challenge accepted.” With sophisticated tools, time, and money in their hands, they have embarrassed even the finest of organizations. A popular hybrid workforce and rapid cloud adoption have introduced more challenges for organizations, as the security and network perimeter have shifted and the internet is now the corporate network. Suffice it to say that a new mindset needs to be adopted to stay on top of the game.

The success of most attacks is tied to denial of service, data exfiltration, and ransom. A shift from focusing on the attack surface to the protect surface will help organizations implement an inside-out architecture that protects critical infrastructure, prevents the success of any attack, makes it difficult to gain access, and links directly to business goals.

Zero trust principles aid that shift across several pillars (Identity, Device, Application, Network, and Data) that make up a typical infrastructure; hence, the need for a zero trust roadmap to accomplish that which we desire for our organization.

Victor Okorie
Senior Research Analyst, Security and Privacy
Info-Tech Research Group

Executive Summary

Your Challenge

  • Many IT and security leaders struggle to understand zero trust and how best to deploy it with their existing IT resources.
  • The need to move from a perimeter-based approach to security toward an “Always Verify” approach is clear. The path to getting there is complex and expensive.

Common Obstacles

  • Zero trust as a principle is a moving target due to competing definitions and standards. A strategy that adapts evolving best practices must be supported by business stakeholders.
  • Full zero trust includes many components. Performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.

Info-Tech’s Approach

  • Every organization should have a zero trust strategy and the roadmap to deploy it must always be tested and refined.
  • Our unique approach:
    • Assess resources and determine zero trust readiness.
    • Address barriers and identify enablers.
    • Prioritize initiatives and build out roadmap.
    • Identify most appropriate vendors via vendor selection framework.
    • Deploy zero trust and monitor with zero trust progress metrics.

Info-Tech Insight

A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

Your challenge

This research is designed to help organizations:

  • Understand what zero trust is and decide how best to deploy it with their existing IT resources. Zero trust is a set of principles that defaults to the highest level of security; a failed implementation can easily disrupt the business. A pragmatic zero trust implementation must be flexible and adaptable yet maintain a consistent level of protection.
  • Move from a perimeter-based approach to security toward an “Always Verify” approach. The path to getting there is complex without a clear understanding of desired outcomes. Focusing efforts on key protection gaps and leveraging capable controls in existing architecture allows for a repeatable process that carries IT, security, and the business along on the journey.

On this zero trust journey, identify your valuable assets and zero trust controls to protect them.

Top three reasons for building a zero trust strategy

44%

Reduce attacker’s ability to move laterally

44%

Enforce least privilege access to critical resources

41%

Reduce enterprise attack surface

Common obstacles

These barriers make this challenge difficult to address for many organizations:

  • Due to zero trust’s many components, performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.
    • To feel ready to implement and to understand the benefits of zero trust, IT must first understand what zero trust means to the organization.
  • Zero trust as a set of principles is a moving target, with many developing standards and competing technology definitions. A strategy built around evolving best practices must be supported by related business stakeholders.
    • To ensure support, IT must be able to “sell” zero trust to business stakeholders by illustrating the value zero trust can bring to business objectives.

43%

Organizations with a full implementation of zero trust saved 43% on the costs of data breaches.
(Source: Teramind, 2021)

96%

Zero trust is considered key to the success of 96% of organizations in a survey conducted by Microsoft.
(Source: Microsoft, 2021)

What is zero trust?

It depends on who you ask…

  • Vendors use zero trust as a marketing buzzword.
  • Organizations try to comprehend zero trust in their own limited views.
  • Zero trust regulations/standards are still developing.

“A cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.”

Source: NIST, SP 800-207: Zero Trust Architecture, 2020

“An evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.”

Source: DOD, Zero Trust Reference Architecture, 2021

“A security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.”

Source: NSA, Embracing a Zero Trust Security Model, 2021

“Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.”

Source: CISA, Zero Trust Maturity Model, 2021

“The foundational tenet of the zero trust model is that no actor, system, network, or service operating outside or within the security perimeter is trusted.”

Source: OMB, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles, 2022

What is zero trust?

From Theoretical to Practical

Zero trust is an ideal in the literal sense of the word, because it is a standard defined by its perfection. Just as nothing in life is perfect, there is no measure that determines an organization is absolutely zero trust. The best organizations can do is improve their security iteratively and get as close to ideal as possible.

In the most current application of zero trust in the enterprise, a zero trust strategy applies a set of principles, including least-privilege access and per-request access enforcement, to minimize compromise to critical assets. A zero trust roadmap is a plan that leverages zero trust concepts, considers relationships between technical elements as well as security solutions, and applies consistent access policies to minimize areas of exposure.

Zero Trust; Identity; Workloads & Applications; Network; Devices; Data

Info-Tech Insight

Solutions offering zero trust often align with one of five pillars. A successful zero trust implementation may involve a combination of solutions, each protecting the various data, application, assets, and/or services elements in the protect surface.

Zero trust business benefits

Reduce business and organizational risk

Reduced business risks as continuous verification of identity, devices, network, applications, and data is embedded in the organizations practice.

36% of data breaches involved internal actors.
Source: Verizon, 2021

Reduce CapEx and OpEx

Reduced CapEx and OpEx due to the scalability, low staffing requirement, and improved time-to-respond to threats.
Source: SecurityBrief - Australia, 2020.

Reduce scope and cost of compliance

Helps achieve compliance with several privacy standards and regulations, improves maturity for cyber insurance premium, and fewer gaps during audits.

Scope of compliance reduced due to segmentation.

Reduce risk of data breach

Reduced risk of data breach in any instance of a malicious attack as there’s no lateral movement, secure segment, and improved visibility.

10% Increase in data breach costs; costs went from $3.86 million to $4.24 million.
Source: IBM, 2021

This is an image of a thought map detailing Info-Tech's Build A Zero Trust Roadmap. The main headings are: Define; Design; Develop; Monitor

Info-Tech’s methodology for Building a Zero Trust Roadmap

1. Define Business Goals and Protect Surfaces

2. Assess Key Capabilities and Identify Zero Trust Initiatives

3. Evaluate Candidate Solutions and Finalize Roadmap

4. Formulate Policies for Roadmap Initiatives

5. Monitor the Zero Trust Roadmap Deployment

Phase Steps

Define business goals

Identify critical DAAS elements

Map business goals to critical DAAS elements

  1. Review the Info-Tech framework
  2. Assess current capabilities and define the zero trust target state
  3. Identify tasks to close gaps
  4. Define tasks and initiatives
  5. Align initiatives to business goals and protect surfaces
  1. Define solution criteria
  2. Identify candidate solutions
  3. Evaluate candidate solutions
  4. Perform cost/benefit analysis
  5. Prioritize initiatives
  6. Finalize roadmap
  1. Formulate policies for critical DAAS elements
  2. Formulate policies to secure a path to access critical DAAS elements
  1. Establish metrics for roadmap tasks
  2. Track and report metrics
  3. Build a communication deck

Phase Outcomes

Mapping of business goals to protect surfaces

Gap analysis of security capabilities

Evaluation of candidate solutions and a roadmap to close gaps

Method for defining zero trust policies for candidate solutions

Metrics for measuring the progress and efficiency of the zero trust implementation

Protect what is relevant

Apply zero trust to key protect surfaces

A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

Align protect surfaces to business objectives

Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.

Identify zero trust capabilities

Deriving protect surface elements from business goals reframes how security controls are applied. Assess control effectiveness in this context and identify zero trust capabilities to close any gaps.

Roadmap first, not solution first

Don’t let your solution dictate your roadmap. Define your zero trust solution criteria before engaging in vendor selection.

Create enforceable policies

The success of a zero trust implementation relies on consistent enforcement. Applying the Kipling methodology to each protect surface is the best way to design zero trust policies.

Success should benefit the organization

To measure the efficacy of a zero trust implementation, ensure you know what a successful zero trust implementation means for your organization, and define metrics that demonstrate whether that success is being realized.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Key deliverable:

Zero Trust Communication Deck

Present your zero trust strategy in a prepopulated document that summarizes the work you have completed as a part of this blueprint.

Zero Trust Protect Surface Mapping Tool

Identify critical and vulnerable DAAS elements to protect and align them to business goals.

Zero Trust Program Gap Analysis Tool

Perform a gap analysis between current and target states to build a zero trust roadmap.

Zero Trust Candidate Solutions Selection Tool

Determine and evaluate candidate solutions based on defined criteria.

Zero Trust Progress Monitoring Tool

Develop metrics to track the progress and efficiency of the organization’s zero trust implementation.

Blueprint benefits

IT Benefits

  • A mapped transaction flow of critical and vulnerable assets and visibility of where to implement security controls that aligns with the principle of zero trust.
  • Improved security posture across the digital attack surface while focusing on the protect surface.
  • An inside-out architecture that leverages current existing architecture to tighten security controls, is automated, and gives granular visibility.

Business Benefits

  • Reduced business risks as continuous verification of identity, devices, network, applications, and data is embedded in the organization’s practice.
  • Reduced CapEx and OpEx due to the scalability, low staffing requirement, and improved time-to-respond to threats.
  • Helps achieve compliance with several privacy standards and regulations, improves maturity for cyber insurance premium, and fewer gaps during audits.
  • Reduced risk of data breach in any instance of a malicious attack.

Measure the value of this blueprint

Save an average of $1.76 million dollars in the event of a data breach

  • This research set seeks to help organizations develop a mature zero trust implementation which, according to IBM’s “Cost of a Data Breach 2021 Report,” saves organizations an average of $1.76 million in the event of a data breach.
  • Leverage phase 5 of this research to develop metrics to track the implementation progress and efficacy of zero trust tasks.

43%

Organizations with a mature implementation of zero trust saved 43%, or $1.76 million, on the costs of data breaches.
Source: IBM, 2021

In phase 2 of this blueprint, we will help you establish zero trust implementation tasks for your organization.

In phase 3, we will help you develop a game plan and a roadmap for implementing those tasks.

This image contains a screenshot info-tech's methodology for building a zero-trust roadmap, discussed earlier in this blueprint

Executive Brief Case Study

National Aeronautics and Space Administration (NASA)

INDUSTRY: Government

SOURCE: Zero Trust Architecture Technical Exchange Meeting

NASA recognized the potential benefits of both adopting a zero trust architecture (including aligning with OMB FISMA and DHS CDM DEFEND) and improving NASA systems, especially those related to user experience with dynamic access, application security with sole access from proxy, and risk-based asset management with trust score. The trust score is continually evaluated from a combination of static factors, such as credential and biometrics, and dynamic factors, such as location and behavior analytics, to determine the level of access. The enhanced access mechanism is projected on use-case flows of users and external partners to analyze the required initiatives.

The lessons learned in adapting zero trust were:

  • Focus on access to data, assets, applications, and services; and don’t select solutions or vendors too early.
  • Provide support for mobile and external partners.
  • Complete zero trust infrastructure and services design with holistic risk-based management, including network access control with software-defined networking and an identity management program.
  • Develop a zero trust strategy that aligns with mission objectives.

Results

NASA implemented zero trust architecture by leveraging the agency existing components on a roadmap with phases related to maturity. The initial development includes privileged access management, security user behavior analytics, and a proof-of-concept lab for evaluating the technologies.
Case Study Source: NASA, “Planning for a Zero Trust Architecture Target State,” 2019

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

Phase 1 Phase 2 Phase 3 Phase 4 Phase 5
Call #1:
Scope requirements, objectives, and your specific challenges.

Call #3:
Define current security capabilities and zero trust target state.

Call #5:

Identify and evaluate solution criteria.

Call #7:
Create a process for formulating zero trust policies.

Call #8:
Establish metrics for assessing the implementation and effectiveness of zero trust.

Call #2:
Identify business goals and protect surfaces.

Call #4:
Identify gap-closing tasks and assign to zero trust initiatives.

Call #6:
Prioritize zero trust initiatives.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 2 to 4 months.

Phase 1

Define Business Objectives and Protect Surfaces

Build a Zero Trust Roadmap

This phase will walk you through the following activities:

  • Identify and define the business goals.
  • Identify the critical DAAS elements and protect surface.
  • Align the business goals to the protect surface and critical DAAS elements.

This phase involves the following participants:

  • Security Team
  • Business Executives
  • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management

Analyze your business goals

Identifying business goals is the first step in aligning your zero trust roadmap with your business’ vision.

  • Security leaders need to understand the direction the business is headed in.
  • Wise security investments depend on aligning your security initiatives to business objectives.
  • Zero trust, and information security at large, should contribute to your organization’s business objectives by supporting operational performance, ensuring brand protection and shareholder value.
    • For example, if the organization is working on a new business initiative that requires the handling of credit card payments, the security organization needs to know as soon as possible to ensure the zero trust architecture will be extended to protect the PCI data and enable the organization to be PCI compliant.

    Info-Tech Insight

    Security and the business need to be in alignment when implementing zero trust. Defining the business goal helps rationalize the need for a zero trust implementation.

1.1 Define your organization’s business goals

Estimated time 1-3 hours

  1. As a group, brainstorm the business goals of the organization.
  2. Review relevant business and IT strategies.
  3. Review the business goal definitions in tab “2. Business Objectives” of the Zero Trust Protect Surface Mapping Tool, including the key goal indicator metrics.
  4. Record the most important business goals in the Business Goal column on tab “3. Protect Surfaces” of the Zero Trust Protect Surface Mapping Tool. Try to limit the number of business goals to no more than five primary goals. This limitation will be critical to help map the protect surface and the zero trust roadmap later.

Input

  • Business and IT strategies

Output

  • Prioritized list of business objectives

Materials

  • Whiteboard/Flip Charts
  • Zero Trust Protect Surface Mapping Tool

Participants

  • Security Team
  • IT Leadership
  • Business Stakeholders
  • Risk Management
  • Compliance
  • Legal

Download the Zero Trust Protect Surface Mapping Tool

Info-Tech Insight

Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.

What does zero trust mean for you?

For a successful implementation, focus on your zero trust outcome.

This image describes the Who, What, When, Where, Why, and How for Zero Trust.

Regardless of whether the user is accessing resources internally or externally, zero trust is posed to authenticate, authorize, and continuously verify the security policies and posture before access is granted or denied. Many network architecture can be local, cloud based, or hybrid and with users working from any location, there is no network perimeter as we knew it and the internet is now the corporate network.

Zero trust framework seeks to extend the perimeter-less security to the present digital transformation.

Leverage an iterative and repeatable process to apply zero trust to your organization.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

MEMBER RATING

9.5/10
Overall Impact

$54,343
Average $ Saved

35
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 5-phase advisory process. You'll receive 8 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Define Business Objectives and Protect Surfaces
  • Call 1: Scope requirements, objectives, and your specific challenges.
  • Call 2: Identify business goals and protect surfaces.

Guided Implementation 2: Assess Key Capabilities and Identify Zero Trust Initiatives
  • Call 1: Define current security capabilities and zero trust target state.
  • Call 2: Identify gap-closing tasks and assign to zero trust initiatives.

Guided Implementation 3: Evaluate Candidate Solutions and Finalize Roadmap
  • Call 1: Identify and evaluate solution criteria.
  • Call 2: Prioritize zero trust initiatives.

Guided Implementation 4: Formulate Policies for Roadmap Initiatives
  • Call 1: Create a process for formulating zero trust policies.

Guided Implementation 5: Monitor Zero Trust Roadmap Deployment
  • Call 1: Establish metrics for assessing the implementation and effectiveness of zero trust.

Authors

Victor Okorie

Ida Siahaan

Ian Mulholland

Contributors

  • Aaron Benson, CME Group, Director of IAM Governance
  • Brad Mateski, Zones, Solutions Architect for CyberSecurity
  • Bob Smock, Info-Tech Research Group, Vice President of Consulting
  • Dr. Chase Cunningham, Ericom Software, Chief Strategy Officer
  • John Kindervag, ON2IT Cybersecurity, Senior Vice President, Cybersecurity Strategy and ON2IT Group Fellow
  • John Zhao, Fonterra, Enterprise Security Architect
  • Rongxing Lu, University of New Brunswick, Associate Professor
  • Sumanta Sarkar, University of Warwick, Assistant Professor
  • Tim Malone, J.B. Hunt Transport, Senior Director Information Security
  • Vana Matte, J.B. Hunt Transport, Senior Vice President of Technology Services

Search Code: 99347
Last Revised: August 16, 2022

Visit our Exponential IT Research Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019