Zero Trust: Game Changer or Engagement Killer?

Most of us are now familiar with remote working. We may still have the occasional tech challenge connecting to video calls or screen sharing, but by-and-large we can be productive both in the office and at home.

Employees have been given unified communications tools like Zoom and Teams, cloud applications and the ability to work from anywhere, including with their home computer in many cases. These changes have redefined the ‘security perimeter’. Put simply, there’s a bigger target for cybercriminals to hit.

It is no longer defined by the physical locations of the organisation, but extends to every access point that hosts, stores, or accesses corporate applications, data and services. Traditional on-premises perimeter-based security models that rely solely on firewalls and VPNs lack the visibility, continuous monitoring and end-to-end security coverage required in this new way of working. It can also cause performance problems for users.  

This is where the Zero Trust security model comes in. It gives IT leaders peace of mind that their organisation is secure. However, trust is seen as a foundation to engagement, so does Zero Trust erode engagement?  

What is Zero Trust?

Zero Trust is a security model that states we must authenticate, authorise and verify all users, no matter where or how they are connected.

Instead of believing everything behind the corporate firewall is safe, Zero Trust assumes a breach and verifies each request as though it originates from an untrusted network, regardless of where the request originates from and/or what resource it accesses. 

The core tenant of Zero Trust is “never trust, always verify.”  Like any tool, the Zero Trust model can be implemented poorly. Employees could be left feeling that they don’t have access to what they need, and their productivity is impacted by poorly performing solutions.

However, when implemented well with best practice Secure Access Service Edge (SASE) components and thoughtful policy, Zero Trust can give employees both the freedom to work anywhere, and psychological safety knowing they are protected against threats. Zero Trust also simplifies operations and lowers costs by giving IT teams visibility of the end-to-end user experience and centralised control of user policy.

Implementing Zero Trust

If you’re looking to progress your Zero Trust journey using SASE components but you’re not sure how to move forward, the following five considerations can help create a plan:

1. Establish where you are now. This includes looking at users, workloads, devices, network and data. How mature and clear are your Zero Trust policies and systems in each area? This will help you identify low hanging fruit.  
2. Review what projects and changes are underway in the business that you can use to help move forward with Zero Trust. This might be a modern workplace initiative, an office move, moving applications to the cloud, or other projects.  These projects can be a good opportunity to ensure new ideas are being implemented within the Zero Trust model that follows a clear roadmap. 
3. Ensure you understand the wider context of the environment your business operates in and whether there is added complexity, for example IT or OT systems.
4. Consider what sort of SASE solution would match your wider Zero Trust journey. How important are things like visibility, ease of use, off-net security, technical flexibility, on-net protection and cost? There are a variety of solutions in the market, and each has different strengths and weaknesses.
5. Think about mapping out an end maturity goal, or desired outcome, and develop a roadmap of pragmatic steps to help you get there. This will help ensure you are constantly improving your security posture and reducing residual risk.

When implemented well, Zero Trust can be a win-win for both employees and the organisation, leading to improved engagement, lower costs and higher output. It can be a genuine game changer.