In their minds, this security approach can only be applied to fresh, or “greenfield,” environments – and even there organizations are hesitant as they may believe security will hinder business agility.
The true reason for why businesses are hesitant when it comes to zero trust is due to a lack of understanding of the process and the unfortunate influence of the myths stated above. Forrester’s zero trust framework gives a clear overview of the seven pillars that provide a comprehensive zero trust strategy: data, people, workloads, devices, networks, automation and orchestration, and visibility and analytics. Even after seeing the different elements set out, businesses may feel overwhelmed by the number of areas that can be linked with zero trust – it’s the classic “boiling the ocean” problem.
But what if companies instead took a more incremental and agile approach where benefits are realized at each stage along the way? This approach not only results in a regular and measurable improvement in security posture, but it also facilitates the integration of further capabilities throughout the process.
Implementing zero trust
