The next steps for leaders in their zero trust journey

More organisations are beginning to see the benefits of zero trust as government adoption and understanding of the security model grows within Asia Pacific.

A new Forrester report highlights that Asia Pacific organisations are starting to realise the benefits of zero trust, with 71 percent of APAC business and technology professionals saying their organisation will adopt zero trust edge in the next 12 months or have plans to do.

As knowledge grows for zero trust within Asia Pacific, Jinan Budge, VP and principal analyst at Forrester discussed with Digital Nation the next steps for leaders on their zero trust journey.

Budge said the first thing leaders should do is assess their zero trust maturity.

“Don’t go anywhere without this, otherwise you’ll create a situation of expense-in-depth for yourself, because you’re randomly implementing things you may not need,” she said.

“Most organisations are at the beginner stage, indicating that they take a conventional approach to cybersecurity. Organisations that have intermediate zero trust maturity have spent time and resources introducing ZTNA, data flow visibility, and network micro-segmentation around critical applications.”

Secondly, business leaders should get “quick wins” under their belt and demonstrate value along the way.

Some quick wins include adopting IAM technologies that solve critical problems and applying least-privilege principles if your organisation is less mature, Budge said.

“Or begin with more complex technical capabilities like micro-segmentation if you work in a highly regulated industry,” she added.

Business leaders need to get their stakeholders on board, especially the technology stakeholders, Budge explained.

“Most resistance to zero trust is likely to come from technology stakeholders who have other jobs to do, don’t understand zero trust at the same level of detail as you, and are concerned about the impact of such a program on them,” she said.

Budge said leaders need to listen and address their concerns about zero trust.

“They may not understand how the technology has evolved and may worry about the cost of the implementation or the amount of resources it will require to implement and operate,” she said.

“Work collaboratively with them to obtain budget, provide some of your resources to their teams, and communicate the benefits and evolution of zero trust so they’re not overwhelmed.”

Organisational leaders need to continue to challenge vendor claims and demand product rationalisation.

“None of the vendors offer a silver bullet to security, let alone zero trust,” she added.

It’s important for most organisations to start exploring, and moving towards a modern-day approach to security, Budge explained.

“However, there are organisations who have huge amounts of Mainframes or OT systems, and for both of those, there are probably not enough zero trust controls to go at zero trust in full force,” she said.

“There are also instances of AI or Kubernetes where it’s too soon to implement zero trust for them, as we’ve not seen enough examples.”

Budge added that those organisations should prioritise their zero efforts in the IT areas where they can effect real change. 

“Solve those problems first, then we come back around,” she ended.