Gearing Up for Zero Trust
As our team at LayerArch prepares to engage with customers to solve their security and networking pain points and guide them towards the Zero Trust architecture, there is no better place to start than with the most authoritative standards body and agency for Zero Trust: NIST (National Institute of Standards and Technology) and CISA (Cybersecurity and Infrastructure Security Agency). While NIST developed the most influential framework on Zero Trust, CISA used it as a base and developed the Zero Trust Maturity Model.
NIST publication NIST-SP-800-27 is the architectural standard for Zero Trust and a cybersecurity framework developed to remove implicit trust from network connections. Its core principles—namely, (a) never trust, always verify; (b) least-privilege access; and (c) continuous validation—focus on 5 core pillars to strengthen the security posture of an organization. These 5 pillars span user identity, device, network, application workloads, and data.
The NIST Zero Trust framework and architecture resulted from decades of messy IT reality that relied on the perimeter defense model or, rather, the castle-and-moat approach. This old model relied on implicit trust once the user logged into the network, allowing lateral movement across resources that has resulted in multiple major cybersecurity breaches. The recent attacks, SolarWinds and Colonial Pipeline, involved hackers moving laterally from compromised hosts to carry out data exfiltration and ransomware, resulting in combined financial losses exceeding $100 million.
Zero Trust architecture is not a one-size-fits-all approach and is purely based on the risk appetite of the organization. It is a combination of both a technological and a cultural shift, and a multi-year migration journey for many enterprises.
LayerArch’s Zero Trust Maturity Assessment (ZTMA)
To help enterprises establish a ZT baseline, our team at LayerArch has developed a lightweight Zero Trust Maturity Assessment (ZTMA) that scores ZT maturity across all 5 pillars of the ZT model: user identity, device posture, network, applications and workloads, and data. These 5 pillars and the associated functions documented in CISA’s ZT maturity model have been translated into questionnaires to find the maturity stage: Traditional, Initial, Advanced, or Optimal.
By answering 25 critical questions, customers will receive:
- A maturity score across the 5 ZT Pillars (Identity, Device, Network, App, Data).
- A customized strategic recommendation for your specific environment.
- A roadmap to move from “Traditional” to “Optimal” posture.
Join our inaugural cohort of participants and start building a more resilient organization today. Get started with the Zero Trust Maturity Assessment →