Falling Into the Trap
Like a hologram, Zero Trust’s benefits differ based on the observer’s perspective. Sales teams will tout work from anywhere with personal devices. Operations and finance desire the scalable, efficient, cloud-centric deployment. IT and Security, however, see not only the benefits but also the extraordinary effort required of their teams to achieve it.
These teams know the prerequisites to Zero Trust: system documentation, data-flow analysis, application mapping, access control matrices, and identity and access management – all of which come with enormous overhead. Already overwhelmed and strapped with up-time requirements and application performance demands, they find themselves separated from Zero Trust by a seemingly uncrossable chasm: a tangible place to start.
It is understandable, then, why many teams fall into the first trap – reducing the scope to one application, something they can manage, map, and control. On the surface, achieving success at the application level seems attainable, but it neglects the interconnections from one application to others, its pathways to access, and which users require what access to the application.
This is problematic because Zero Trust requires segmenting every application so they are isolated from one another. As a consequence, “scope creep” delays, stalls, and frustrates the deployment as teams discover new required connections, data exchanges, and use cases.
Advice from Socrates
One of the founders of Western philosophy, Socrates, gives the best advice for Zero Trust: “choose the mean and avoid the extremes on either side, as far as possible.” You might know this better as Goldilocks’ Rule. Your instinct is right: the Big Bang approach to Zero Trust will fail. There’s a good reason there are no long-weekend Zero Trust success stories. But the opposite approach is also bound to fail. Socrates and Goldilocks guide us to the answer.
Avoid both the Big Bang and the single-application trap. Instead, begin with the segmentation of one application’s ecosystem; this results in fast and thorough Zero Trust deployments. The deployment team can gate access to that application and its ecosystem without having to worry about failure of service delivery, performance, or up-time.
Dealing with the application ecosystem allows you to focus your attention solely on the user-to-application interaction boundary. Having to handle the user-to-application plus application-to-application and application-to-infrastructure boundaries creates innumerable obstacles, political friction, and dissatisfied users and stakeholders.
Discover, Identify, and Classify
Discover your application ecosystem? After the turnover in the IT and Cloud teams over the last few years? Surely the documentation is up-to-date and… Of course it isn’t. Failing to discover, inventory, and understand application interconnection puts most Zero Trust deployments into a stall.
Unefen customers don’t require thorough documentation or an accurate oral history of what’s been done. They are able to discover, identify, and classify these application connections, the user accounts enabling them, and the data they exchange. The unknown unknowns are brought into the light.
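The ecosystem-scoping and discovery steps described above, as an added worked example that is not Unefen's code or the post's own: from a constructed inventory of endpoints and observed flows (all names are assumed), it derives one application's ecosystem, the user-to-application boundary where access can be gated, the flows that stay inside the segment, and the shared dependencies that other applications also use, which is where scope creep tends to surface.

```python
from collections import defaultdict, deque

# Constructed inventory (assumed, not from the post): every endpoint is classified
# as a user, an application or infrastructure; each flow is (source, destination).
KINDS = {
    "alice": "user", "bob": "user", "carol": "user",
    "payroll": "app", "hr-db": "app", "auth-svc": "app", "crm": "app",
    "nfs-storage": "infra", "ldap": "infra",
}
FLOWS = [
    ("alice", "payroll"), ("bob", "payroll"), ("carol", "crm"),
    ("payroll", "hr-db"), ("payroll", "auth-svc"), ("crm", "auth-svc"),
    ("hr-db", "nfs-storage"), ("auth-svc", "ldap"),
]


def boundary(src, dst, kinds=KINDS):
    """Name the boundary a single flow crosses, e.g. 'user-to-app' or 'app-to-infra'."""
    return f"{kinds[src]}-to-{kinds[dst]}"


def ecosystem(app, flows=FLOWS):
    """Everything the application reaches directly or transitively (its ecosystem)."""
    downstream = defaultdict(set)
    for src, dst in flows:
        downstream[src].add(dst)
    seen, queue = set(), deque([app])
    while queue:
        node = queue.popleft()
        for nxt in downstream[node] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen


def scope(app, flows=FLOWS, kinds=KINDS):
    """Segment scope for one application and its ecosystem."""
    members = ecosystem(app, flows) | {app}
    # Users hitting the application directly: the one boundary the segment gates.
    users = {s for s, d in flows if d == app and kinds[s] == "user"}
    # Flows with both ends inside the segment; no new gate is needed for these.
    internal = [(s, d, boundary(s, d, kinds)) for s, d in flows if s in members and d in members]
    # Members also reached by a non-user source outside the segment: shared
    # dependencies that a second application relies on (classic scope-creep finds).
    shared = {m for m in members - {app}
              if any(d == m and s not in members and kinds[s] != "user" for s, d in flows)}
    return {"users": users, "members": members, "internal": internal, "shared": shared}
```

Running `scope("payroll")` shows that gating the two users at the user-to-app boundary covers payroll, while the shared `auth-svc` dependency must be planned for before the segment is enforced.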
Zero Trust promises great benefits to enterprises and different stakeholders emphasize varying outcomes. But the path to Zero Trust and those benefits can be arduous. Teams that set clear, incremental goals and avoid common traps — including too narrow a focus — will deliver and delight their stakeholders.