Zero Trust: How to Get Started

Zero Trust is an architecture. It's a plan. It’s a framework. It's a methodology.

Zero Trust is exactly what it sounds like. Never trust, always verify and audit everything you're doing - because at some point, your network is going to be penetrated. Whether it's a headline-generating ransomware attack or just a blip that you can recover from with effective backups, there are going to be penetrations. And it's not always a foreign actor coming in to try to lock up your environment or steal your information, it could be someone inside your company. For example, an employee who is expanding their reach and their visibility into parts of the network where they really shouldn’t be. And though the intention is not malicious, maybe they accidentally delete or overwrite a large amount of critical, sensitive data. In short, you need to know who is doing what and where in your network and data center environment.

Recently, we saw a White House memorandum about deploying Zero Trust architectures in the federal government by the end of fiscal year 2024 that referenced a number of documents with reference architectures from the Department of Defense, the National Security Agency, the National Institute of Standards and Technology (NIST) and from Cybersecurity and Infrastructure Security Agency (CISA). Those documents provide great background information, great frameworks, and documentation. But what they don't tell you is how to get started. In order to educate and empower our customers, BTA is conducting brief, private Zero Trust architecture workshop webinars to discuss what the business’s needs are around security in general and how they can get to a Zero Trust architecture.

In these workshops, we begin by going over the specifics of what a Zero Trust architecture is. We ditch the typical flowery marketing speak that surrounds Zero Trust and focus on the factual, actionable aspects that are meaningful to the team and ultimately, the business. Then, we use a collaborative, visual model that contains technical and non-technical requirements for the customer’s team to self-evaluate where they stand today on a scale of 1-5 (5 being most optimized). The requirements are:

Zero Trust Technical Requirements

1. User Management
2. Device Management
3. Workload Protection
4. Data Protection
5. Network segmentation
6. Policy consistency

Zero Trust Non-technical Requirements

1. Strategy
2. Tactics
3. Architecture
4. Responsibilities
5. Compliance

As always, we meet the customer where they are; and use this exercise to bring the entire picture together to see how we can solve a business problem in architectural manner.

Why go with BTA?

Audits can seemingly come out of nowhere, and BTA can help your company achieve a proactive, stable state of readiness. Of course, you're deploying a Zero Trust architecture to achieve an optimized security posture and protect your workloads, but when audits are easy – that’s a great thing!

With our S.I.M.P.L.E. service delivery methodology, we provide a significant amount of documentation when we handle Zero Trust engagements. Specifically, one of the things we offer as an ongoing service is a customized audit report for our customers. This helps teams to be in that proactive-to-optimized level of the maturity model of requirements. And if you’re not yet proactive or optimized, BTA is there to help accelerate that journey. That is why we do what we do.

BTA also focuses on training teams to empower them. And where they need some help, we provide advisory services and managed services. We want to help you get on the best path possible, and if you want to be self-sufficient, we want to help you get to self-sufficiency.

Zero Trust Best Practices

As BTA’s mission is focused on mentoring, we want to use our architecture experience to help you get started on the right foot with your Zero Trust planning. The best engagements for BTA are when you, the customer, are able to use your resources wisely and understand exactly what, why, and how things needs to be done in the order that mitigates the most risk earlier rather than later.

Please join BTA Founder and CEO, Ken Fee and Vice President of Engineering, Chuck Martini for a LIVE conversation about best practices to strategically embark on your Zero Trust journey.