November 1, 2021

3 Steps to Implementing Zero Trust in a Sustainable Way

Right now, many organizations use virtual private networks (VPNs) to give their remote workers access to necessary data while keeping external actors out, but by 2023, 60 percent of these organizations will likely replace their VPNs with zero trust network access (ZTNA). To do that, however, businesses need to implement ZTNA in a way that won’t frustrate their employees or cause them to look for workarounds. Here are some options for implementing zero trust sustainably.

What is zero trust network access?

Zero trust network access (ZTNA) is a set of cybersecurity principles that requires verification of a user’s identity before they can access sensitive information on a network. It involves segmenting a network to prevent lateral movement in the event that an attacker is able to breach the perimeter. Trust makes organizations vulnerable, so ZTNA limits users’ access to only the data and applications they need. Restricting access this way mitigates the damage in attacks from both stolen credentials and malicious insiders.

1. Pair zero trust with simple sign-on methods

By pairing zero trust with sign-on methods that reduce the need for users to remember their credentials, organizations can keep their employees from turning to shadow IT practices to get around the security protocols. Passwords are vulnerable by nature, with brute force attacks being able to crack even strong 8-character passwords in less than a day. While you could require tighter password regulations, that’s likely to frustrate employees. Instead, consider passwordless options or single sign-on (SSO).

If you do want to stick with passwords, consider using a password manager, so your employees only have to remember one set of credentials. Users unlock the password manager with that single set of credentials, and it then autofills the usernames and passwords for the tools they have accounts on.

Zero trust solutions with SSO:

  • Akamai Intelligent Edge
  • Okta Identity Cloud
  • Forcepoint Private Access

2. Use automation to limit fatigue from false positives

If your zero trust filters generate a lot of false positives, the IT team that has to investigate them will be overwhelmed quickly and won’t be able to look into every alert. Your zero trust architecture should include automation to prioritize threats as they come in, allowing your IT team to make better decisions on which alerts to chase down. Organizations can also automate some of their monitoring and remediation processes to lessen the work security admins have to handle.

By automating as much of your zero trust architecture as possible, your systems can quickly block suspicious activity and start the remediation process if there is a breach. This leaves your human IT resources free to handle incident response and more complicated issues that arise.

Zero trust tools with automation:

  • Palo Alto Networks
  • Illumio Core
  • Symantec

3. Add unified endpoint management (UEM)

Unified endpoint management (UEM) allows your IT department to monitor all of the endpoints (computers, phones, printers, etc.) on your network from a single management console. Because a zero trust system gets so many requests for access, UEM makes it easier for your IT team to investigate alerts. IT administrators can quickly identify which device the alert is coming from and begin remediation from within the UEM system.

UEM software is also a critical component of zero trust architecture because it simplifies the application of role-based access to your company’s devices. It can also automatically enforce network rules, denying access when a user violates them. For example, if your company has a rule in place that prohibits an employee from accessing sensitive information outside of work hours, your UEM system will automatically block an attempt that comes in at midnight.
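The work-hours rule described above, sketched as a default-deny policy check. This is an added example, not code from the article or from any UEM product; the role map, the resource names, the 08:00 to 18:00 window and the fixed UTC offset per user are all assumptions made for illustration. It shows the detail the rule depends on: "midnight" has to be evaluated in the user's local time, not the server's.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

# Constructed entitlements for illustration; not taken from any UEM product.
ROLE_RESOURCES = {"finance": {"payroll-db", "wiki"},
                  "engineering": {"source-repo", "wiki"}}
SENSITIVE = {"payroll-db", "source-repo"}
WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed policy window

@dataclass(frozen=True)
class AccessRequest:
    role: str
    resource: str
    device_enrolled: bool    # device is known to and managed by the UEM
    when: datetime           # must be timezone-aware
    utc_offset_hours: float  # user's work location (assumption: fixed offset)

def in_work_hours(req: AccessRequest) -> bool:
    """Evaluate the window in the user's local time, Monday to Friday."""
    local = req.when.astimezone(timezone(timedelta(hours=req.utc_offset_hours)))
    return local.weekday() < 5 and WORK_START <= local.time() < WORK_END

def decide(req: AccessRequest) -> tuple[bool, str]:
    """Default deny: every check must pass before access is granted."""
    if req.when.tzinfo is None:
        # A naive timestamp would be read as the server's local time.
        return False, "timestamp has no timezone"
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return False, "role not entitled to resource"
    if not req.device_enrolled:
        return False, "device not enrolled"
    if req.resource in SENSITIVE and not in_work_hours(req):
        return False, "sensitive resource outside work hours"
    return True, "allowed"

if __name__ == "__main__":
    utc = timezone.utc
    midnight_local = datetime(2021, 11, 2, 5, 0, tzinfo=utc)  # 00:00 at UTC-5
    print(decide(AccessRequest("finance", "payroll-db", True, midnight_local, -5)))
```

A production policy would use named time zones rather than fixed offsets so that daylight saving changes are handled, and would log every denial with its reason for the IT team to review.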

Unified Endpoint Management solutions for ZTNA:

  • BlackBerry Spark UEM
  • IBM Security MaaS360
  • VMware Workspace ONE

Sustainable zero trust is the key to limiting the impact of breaches

Zero trust architecture ensures that even when a breach does happen, the attacker can’t access everything on a network. By implementing zero trust in a sustainable way, you encourage your employees to follow the necessary protocol because it won’t slow down their work or add friction. 

Zero trust architecture is just one aspect of IT security.