Challenges and best practices

Challenges and best practices

Challenge #1: Zero Trust is a continuous process

If only we could fix our problems with the push of a button. Zero Trust does not end with implementation, especially for growing organizations. Access controls need to be updated to align with role changes. For instance, someone who has left the organization should lose their privileges immediately. If their account is still active, you are at risk of exposing sensitive information. This continuous, complex requirement is the reason some organizations abandon their Zero Trust efforts midway.

Best practice: Put together a dedicated team

Perpetual maintenance can only be carried out with the help of a team. At Zoho, we have a small team whose purpose is to implement Zero Trust and monitor related activities. IoT devices and wearables are becoming popular in the workplace, so our access control policies have to reflect these changes.

Challenge #2: Finding a balance between security and productivity

Enforcing stringent security policies might be viewed as a hindrance to productivity. Imagine having to sign in each time you open any app on your phone or verifying your identity each time you make a call. This might be secure, but it is unreasonable.

Challenge #3: Legacy applications

Transitioning to Zero Trust with legacy apps is trickier. These apps are not designed around current technology and security requirements. The foundational principles of Zero Trust are least privilege and access control, both of which cannot be performed with older systems. Some organizations go so far as to ignore legacy systems and build Zero Trust around modern applications, leaving gaps in security.

Best practice: One step at a time

Do not jump into Zero Trust and make drastic changes right away. Ease into it with a hybrid system that balances both Zero Trust and legacy systems. Assess your existing system first. Then, create a roadmap like we did, charting out what your priorities are and what steps you need to take to achieve your security goals.

Challenge #4: Zero Trust =/= 100% security

Zero Trust helps you block potential threats based on where, when, and how a user is accessing confidential information. Even so, it does not account for social engineering attacks. There is no foolproof strategy to prevent phishing, insider attacks, ransomware, and other similar attacks.

Best practice: Zero Trust = 100% participation

There can be no weak links! Zero Trust, once adopted, should be mandatory for everyone in the organization, regardless of their role or location. At ManageEngine, we have employees across the globe working both from the office and from home. They use a wide range of devices, applications, and services. Although it is a lot of work, our Security team is actively working with the Zero Trust team to implement it organization-wide as soon as possible.

Challenge #5: Zero Trust is expensive

Achieving Zero Trust requires compatible hardware and software. However, as we mentioned earlier, it is cheaper to invest in Zero Trust than to pay for damages. Consider it high-end insurance or an asset for the future. You will be thankful you did.

Best practice: Invest in a strong IAM tool

IAM solutions can help users access resources by analyzing the posture of each request and determining the next step (i.e., grant access, deny access, or prompt further verification before access).

What is next?

Before you begin your Zero Trust journey, you should have a Zero Trust maturity model for your organization that charts out where you are and where you should be in terms of Zero Trust readiness. This model is usually influenced by security requirements, preexisting policies and technology, and limitations.

Maturity model of Zero Trust

Right now, ManageEngine is still in the progress stage, working our way towards an optimal Zero Trust system. We plan on phasing out our VPN service soon after. Additionally, we are looking into providing 0Trust as a solution for customers.

Another exciting feature we are looking forward to is 5G. It has been a topic of discussion for years, and we are anticipating its rollout in our systems soon and a subsequent increase in IoT devices. What does it mean for Zero Trust? How will 5G services impact our operations? Presumably, 5G offers better, more granular control over network and device identity. As an enterprise, 5G could offer us an avenue to strengthen our security like never beforeā€”if we implement Zero Trust the right way.

Conclusion

Zero Trust is a developing concept and needs time to evolve into a fully fledged security system. We are still figuring out how to fine-tune our process and catch up to the likes of Google and Microsoft. Hopefully, a few years from now, we will have a second edition of this e-book with more insights into how we are taking ManageEngine to the next level of Zero Trust.

Conclusion

Get fresh content in your inbox

By clicking 'keep me in the loop', you agree to processing of personal data according to the Privacy Policy.