CyberSecurity SEE

Operationalizing the Zero Trust Architecture for Cyber Defense

A Zero Trust architecture (ZTA) has become a popular approach for IT leaders in enhancing the security of their organizations. However, implementing and operationalizing ZTA is not a one-size-fits-all solution. Each organization has its own unique needs and requirements that must be taken into consideration. It is essential for organizations to view ZTA not just from a compliance perspective, but also from an operational standpoint.

The relevance of ZTA is particularly heightened given the current cyber threat landscape. According to a recent report by Gigamon, 95% of organizations reported experiencing a ransomware attack in 2022. As the frequency and sophistication of cyber attacks continue to rise, it is crucial for IT leaders to effectively implement ZTA within their organizations.

To effectively implement and operationalize ZTA, organizations should focus on building a solid foundation that enables three core building blocks: adaptability, data normalization, and visibility.

Adaptability is a key aspect of ZTA implementation. IT environments are constantly evolving, adapting to changes in business requirements, missions, and environmental factors. Organizations need to ensure constant and consistent end-to-end visibility into their environments as computing resources shift between on-premises physical and virtual resources and multiple cloud service providers. The dynamic nature of software-defined networks (SDN) also necessitates an easily adaptable visibility fabric.

Data normalization is another crucial building block of ZTA. It involves standardizing and normalizing data sources across various components of the environment, including on-premises networks, containers, and multiple cloud providers. This step is essential because the effectiveness of artificial intelligence/machine learning-based (AI/ML) detection relies heavily on the quality and standardization of the data used to train the classifiers. By ensuring data normalization, organizations can leverage AI/ML-based detection engines to drive policy-based decisions on user and system behaviors, thereby enhancing their security posture.

Visibility is a core component of ZTA that should be consistent and unified across the enterprise. There are five critical areas where visibility is necessary: cloud, containers, hybrid environments, endpoints, and IoT devices. In the cloud, organizations often leverage multiple cloud providers, each with its own native log generation tools. Standardizing network and application visibility across on-premises and cloud networks allows for unified monitoring. The rapid adoption of containers poses visibility challenges for security teams, making it imperative to monitor and extract communication from containers to prevent them from becoming havens for cyber threats. Hybrid environments, which combine on-premises and cloud compute resources, require standardized visibility that cuts across diverse environments. Visibility at the endpoint level offers valuable data and information that can aid in identifying advanced persistent threats. Lastly, IoT devices and operational technology (OT) devices can create blind spots unless organizations have a comprehensive observability solution in place.
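The two building blocks above, normalizing telemetry from several sources and maintaining one view across cloud, container and on-premises environments, are easiest to see in code. The following Python script is an added example and is not code from the article or from Gigamon: the three sample records (a cloud-provider audit event as JSON, a BSD-style syslog line from an on-premises host, and a container runtime log line), the common-schema field names (`ts`, `source`, `user`, `src_ip`, `action`, `outcome`) and the assumed syslog year are all constructed for illustration. It parses each format into that one schema, orders the events into a single timeline, and derives the kind of cross-source fact (every origin IP seen per identity) that a policy engine can act on only once the data has been normalized.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample events, one per visibility area named in the article.
CLOUD_EVENT = ('{"eventTime":"2023-03-01T10:00:00Z",'
               '"userIdentity":{"userName":"alice"},'
               '"sourceIPAddress":"203.0.113.7",'
               '"eventName":"ConsoleLogin",'
               '"responseElements":{"ConsoleLogin":"Success"}}')
SYSLOG_LINE = ('Mar  1 10:00:05 vpn01 sshd[2211]: Accepted password for alice '
               'from 198.51.100.9 port 51022 ssh2')
CONTAINER_LINE = ('2023-03-01T10:00:09.123456Z stdout F '
                  'user=alice action=exec pod=payments-7d9 src=10.0.4.12')
SYSLOG_YEAR = 2023  # BSD syslog omits the year; assumed for the sample data

SYSLOG_RE = re.compile(
    r'^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) '
    r'(?P<host>\S+) (?P<proc>\S+)\[\d+\]: (?P<msg>.*)$')
SSH_ACCEPT_RE = re.compile(r'^Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port')
CONTAINER_RE = re.compile(r'^(?P<ts>\S+) (?:stdout|stderr) [FP] (?P<msg>.*)$')


def _iso(ts):
    # Accept the trailing "Z" that cloud and container timestamps commonly use.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def normalize_cloud(raw):
    """Cloud audit record (JSON) -> common schema."""
    rec = json.loads(raw)
    ok = rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
    return {"ts": _iso(rec["eventTime"]), "source": "cloud",
            "user": rec["userIdentity"]["userName"],
            "src_ip": rec["sourceIPAddress"],
            "action": rec["eventName"].lower(),
            "outcome": "success" if ok else "failure"}


def normalize_syslog(line):
    """On-premises syslog line -> common schema (sshd logins get user/IP)."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("unrecognised syslog line")
    ts = datetime.strptime(f"{m['mon']} {m['day']} {SYSLOG_YEAR} {m['time']}",
                           "%b %d %Y %H:%M:%S").replace(tzinfo=timezone.utc)
    ssh = SSH_ACCEPT_RE.match(m["msg"])
    if not ssh:
        return {"ts": ts, "source": "onprem", "user": None, "src_ip": None,
                "action": m["proc"], "outcome": "unknown"}
    return {"ts": ts, "source": "onprem", "user": ssh["user"],
            "src_ip": ssh["ip"], "action": "ssh_login", "outcome": "success"}


def normalize_container(line):
    """Container runtime log line with key=value payload -> common schema."""
    m = CONTAINER_RE.match(line)
    if not m:
        raise ValueError("unrecognised container log line")
    kv = dict(tok.split("=", 1) for tok in m["msg"].split() if "=" in tok)
    return {"ts": _iso(m["ts"]), "source": "container",
            "user": kv.get("user"), "src_ip": kv.get("src"),
            "action": kv.get("action", "unknown"), "outcome": "success"}


def normalize_any(raw):
    """Route a raw record to the right parser by its shape."""
    s = raw.strip()
    if s.startswith("{"):
        return normalize_cloud(s)
    if CONTAINER_RE.match(s):
        return normalize_container(s)
    return normalize_syslog(s)


def unified_timeline(raw_records):
    """Normalize every record and return them in time order, one schema."""
    return sorted((normalize_any(r) for r in raw_records), key=lambda e: e["ts"])


def source_ips_by_user(events):
    """Cross-source view a policy engine can act on: every origin IP per user."""
    seen = {}
    for e in events:
        if e["user"] and e["src_ip"]:
            seen.setdefault(e["user"], set()).add(e["src_ip"])
    return {u: sorted(ips) for u, ips in seen.items()}


if __name__ == "__main__":
    timeline = unified_timeline([CONTAINER_LINE, SYSLOG_LINE, CLOUD_EVENT])
    for e in timeline:
        print(e["ts"].isoformat(), e["source"], e["user"], e["src_ip"], e["action"])
    print(source_ips_by_user(timeline))
```

The point of the design is that every downstream consumer, whether a hand-written rule or an ML classifier, reads one schema with one timestamp convention and one meaning for `user` and `src_ip`; adding a fourth source (an endpoint agent, an IoT gateway) means writing one more `normalize_*` function, not touching the detection logic.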

Implementing ZTA is not just a matter of compliance or good practice; it is a proactive approach to avoid becoming a victim of cyber attacks. By leveraging the three building blocks of adaptability, data normalization, and visibility, IT leaders can create a ZTA framework that fits their organization’s unique infrastructure. This approach enables organizations to detect and fend off cyber attacks before they can cause significant harm.

Chaim Mazal is the Chief Security Officer of Gigamon. In his role, he is responsible for global security, information technology, network operations, governance, risk, compliance, and internal business systems, as well as the security of Gigamon’s product offerings. With extensive experience in similar roles at industry-leading companies, Mazal brings a wealth of knowledge and expertise to the field of cybersecurity. He is a lifetime member of the Open Web Application Security Project (OWASP) Foundation and sits on several advisory boards, including Cloudflare, GitLab, and Lacework.

For more information about Chaim Mazal and Gigamon, you can visit his LinkedIn profile at [linkedin.com/in/cmazal](https://www.linkedin.com/in/cmazal) and the Gigamon website at [https://www.gigamon.com/](https://www.gigamon.com/).
