by Cecil Dildine
Experts in the Zero Trust field have been on the path toward full implementation for some time. They have experienced both successes and failures – and learned from both. They have transitioned from the form, storm, and norm stage and implemented many of the requirements laid out by the authorities of their organization, whether under the Federal Information Security Management Act (FISMA) or the Department of Defense Zero Trust strategy. Today, these experts can speak about Zero Trust confidently and provide authoritative guidance on what they are doing to achieve success.
70% – 80% of Zero Trust experts are still “forming, storming, and norming.”
Yet, a recent Electrosoft-ATARC survey indicated that 70% to 80% of respondents are not yet implementing Zero Trust initiatives. They are still forming, storming, and norming. This statistic reflects the fact that Zero Trust requirements are both complex and comprehensive. They cross many technologies and require extensive testing to understand how data is used, stored, accessed, transmitted, and secured.
Zero Trust requirements are both complex and comprehensive. Complexity underscores the need for flexibility.
Complexity underscores the need for flexibility, especially when confronted with indicators that your team isn’t quite ready for the next step. Adjusting plans to mentor, train, and address knowledge gaps or otherwise support the success of team members can yield far better results than staying the course no matter what.
Some of the best Zero Trust ideas and solutions come from teams working through problems together.
Some of the best ideas and solutions come from collaborative sessions where teams work through problems together. For this reason, staff certification in this specialty area is important. Further, establishing a Community of Practice is a great way to encourage dialogue and share thoughts on ways to improve the proficiency of the people, processes, and tools involved in Zero Trust implementation.
Achieving Zero Trust is a journey – one with many twists and turns and unknown threats and rewards around every corner. It is not a frivolous undertaking but rather one that is vital to the security of our nation, its economy, and its programs and operations. Like every journey, it begins with a single step. But, as we move toward full implementation, we need to be flexible and apply the lessons learned along the path.