Zero trust advice: Start small, but get started

Share post:

Moving to a zero trust environment is so important that CEOs may have to appoint a manager to complete their projects, says a senior IT executive.

“To get zero trust across the finish line, some companies may appoint a zero trust officer,” John Engates, Cloudflare’s field CTO told an IT World Canada MapleSec Satellite webinar on Tuesday.

“Showing leadership, demonstrating how important it is to the organization, putting someone in charge of getting to a zero trust stance is really critical. No matter how you demonstrate that to your stakeholders, it’s really critical someone stand up and say, ‘We’ve got do better at this, we have to do it comprehensively across the entire organization. And we have to do it soon because the threats aren’t getting easier to deal with.'”

Zero trust — a security strategy that assumes no one on the IT network should be trusted — is a philosophy, Engates emphasized, not a product. This is why it can take a while to implement, depending on an organization’s cybersecurity maturity.

Related content: What is Zero Trust Network Access?

Implementing that strategy can begin with ensuring cybersecurity basics are covered — starting with ensuring the organization’s DNS server filters known malware, and moving to identity management, access control, phishing-proof multifactor authentication and more.

Cloudflare has created a zero-trust roadmap with 28 steps in four phases. Not every organization needs to implement that much detail. But the point is, for some large firms, nailing down a zero-trust approach can take a while.

Related content: Four steps to zero trust 

But, Engates said, it can be done in bite-sized chunks. “You can take what you need from a zero-trust architecture. Maybe you’re trying to secure your remote users or contractors. Start there (then) start with the applications that need the most security and work your way out.”

It doesn’t cost a lot for a small organization, he said, while larger ones can start small and expand over time.

Whatever way your firm decides, he said, “get started and get moving.”

The post Zero trust advice: Start small, but get started first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Cyber Security Today, June 14, 2024 – Employee downloaded a file that led to hospital chain’s ransomware attack

An employee downloaded a file that led to hospital chain's ransomware attack Welcome to Cyber Security Today. It's Friday...

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Former OpenAI employee alleges plan for AGI bidding war

In a recent interview, former OpenAI safety researcher Leopold Aschenbrenner made startling claims about his ex-employer's strategy regarding...

Malicious code in millions of installs traced to Microsoft Visual Studio

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways