Zero Trust is a countercurrent to traditional perimeter-based security practices. Published CISA guidance helps us get better at employing accurate, least privileged, per-request access in information systems and services facing a network assumed to be compromised. This guidance means that every resource should be untrusted until proven otherwise. Most of what’s published on ZTA dives into the technical requirements and engineering processes that flow toward a given Zero Trust Maturity (ZTM) level while offering instruction on what it may take to reach the successive maturity level.

However, challenges arise when organizations open the console or the conference room to start making changes to existing security workflows, governance documentation, or working processes. All guidelines acknowledge that every organization has a different starting block depending on its existing configurations. Implementing Zero Trust principles with existing SecOps is not a monolithic operation but an ongoing and, often zigzag process involving identity, infrastructure, networking, applications, and more. It quickly becomes evident that moving toward a Zero Trust Architecture (ZTA) requires cross-functional, interdisciplinary collaborations between DevSecOps experts, governance specialists, and business process influencers. How might we approach the challenge?

Contact me arthur@arthurgrau.com for the case study or download it from https://rvcm.com/zero-trust