The rapid shift to remote work over the past year has pushed many organizations to rethink their approach to security. For many, this means embracing the Zero Trust security model, but necessary changes in strategy and architecture can be daunting at first.
In the new report “A Practical Guide to Zero Trust Implementation,” Forrester offers guidance on this important topic. To help you get the most out of the report, we spoke with Sinan Eren, VP, Zero Trust Access at Barracuda.
Q&A with Sinan Eren, VP, Zero Trust Access
What are the most important takeaways from this report?
One key takeaway is warning customers not to just dive into Zero Trust because it’s a buzzword right now. You need to have a plan and go into this with some core pillars and interdependencies sorted out. In the report, they provide a very good road map to help you go implement a Zero Trust initiative.
Another important point is that Zero Trust is not a single product. You can’t buy one solution and call yourself Zero Trust-enabled. It's a paradigm shift. You have to look at how you currently do perimeter-based security, depending mostly on firewalls, and now you have to shift away from that approach to a more trust-based model.
I also think it’s important that they highlight the interdependencies not just from different product portfolios but also from different stakeholders. They lay out all the kinds of the buy-in that you need to get from IT Ops and Sec Ops, from the application owners, all the way to the company board.
The report outlines a nice road map for this shift, giving you a good framework for putting a program together, not just deploying a Zero Trust solution-in-a-box and calling it a day.It's not just deploying a #ZeroTrust solution-in-a-box and calling it a day. You need a good framework for putting a program in place. Click To Tweet
How do you think this report will help people get clarify on what Zero Trust Security really means?
Zero Trust means moving away from a perimeter-based approach where you had to be in a branch or an office behind the firewall. Instead, it’s about protecting the users, and then their devices, and then the workloads that they're accessing, which are now all distributed.
All of those assets need to be reevaluated, so it's important to understand it's a journey. It's not just deploying a new product. It's not yet another point solution. It's an entire shift in how you design infrastructure and deploy applications and how you grant access to your users and devices.
What do organizations need to consider when they begin to implement Zero Trust?
I think the Forrester report does a very good job underlining some of the important things you need to consider when establishing a baseline for Zero Trust. For example, identity and access management capabilities are important. How do you authenticate users? Do you have single sign-on in place?
You also need to see which other existing security capabilities can be tailored for a Zero Trust approach. For example, if you're already migrating away from on-prem Active Directory to cloud-based Microsoft Azure Active Directory.
So, get to understand what capabilities you already have and make sure you have an inventory of your users, devices, and applications.
Do you see in gaps organizations need to address?
When it comes to identity and access management, almost everybody has something in place or is modernizing their IAM investment. The biggest gap I see is all organizations at all maturity levels have a lot of work to do around data. What kind of data do you have? Where is it located? What is the classification of data?
I think organizations need to start to work on classification of data and know where data resides. I see that as the next phase of Zero Trust. The initial phase is all about securing access. I believe most organizations have capabilities for that or are quickly adapting. But when it comes to the next phase in the maturity model for zero trust, which is data security, they have a lot more work than they need to do.
Don’t miss what Forrester is saying about Zero Trust security and the building blocks you need for a successful implementation. Get your copy now.
You can also join us for a webinar with Sinan on April 29 about building your Zero Trust road map. Save your spot today!
Anne Campbell is the public relations manager for Barracuda. She's been with the organization since 2014, working on content and public relations for Barracuda MSP, the MSP-dedicated business unit of Barracuda. She started her career in newspaper and magazine journalism, and she brings that editorial point of view to the work she does, using it to help craft compelling stories.