The arena of Zero Trust is an unbridled circus. Conflicting best practices, classic overselling, and niche use cases abound making two things painfully clear: 1) organizational leadership is making Zero Trust a top priority, and 2) the folks tasked with implementing it have no idea where to start.
Large enterprises benefit from larger budgets and staffing for widespread planning, the assessment of many different tools, and perhaps the time to get things right. Smaller organizations rely on managed service providers (MSPs) who live and breathe Zero Trust. The most challenged group is the mid-market: Companies that lack the budget for year-one full-scale implementation and have just enough IT staff to negate the need for an MSP.
Mid-Market Priorities: Simplicity and Functionality
So, if everything is now “Zero Trust,” what tools are most critical for the budget-constrained, resource-strapped mid-market companies to adopt, and what are the actual steps to implementing them? It comes down to simplicity and functionality.
There is no one size fits all answer when it comes to Zero Trust, so mid-market companies must prioritize simplicity and functionality. This means looking for tools that are easy to deploy and manage, that don’t require costly professional services to implement, and that can be quickly adopted by IT staff.
There is no shortage of customizable enterprise tools that let you endlessly tinker, but they come with an enterprise price tag and when you’ve tinkered yourself out, you’ll be calling support for help, adding to your bill. The mid-market instead needs to weigh functionality with value and ask, “Is this something I absolutely need, or can I live without it? Will I ever use this feature? What would happen if I didn’t have it?”
The Recipe for Zero-Trust Success
Careers are spent in this pursuit – some fruitlessly. The recipe for success is to prioritize three things:
Unification: Zero Trust is fundamentally about controlling access. Find a tool that can integrate with your existing identity management platform, and that is focused on controlling access to as many different IT assets as possible. You may not need everything from the start, but the ability to scale your Zero Trust access control use cases as your business grows and matures is never a bad thing. Bonus points if it can also deliver passwordless authentication via certificates, continuous device risk posture assessment, and automated device remediation for users both on the physical network and those operating remotely.
Cloud: While not everyone loves committing to a SaaS subscription, the total cost of ownership of cloud-native security products pales in comparison to the behemoth vendors offering cloud-managed vendors. These legacy players force you to commit to multiple licenses not only for the core product, but for associated virtual machines, require constant upgrades to plug product vulnerabilities and pad their bottom line every time you need professional services. Going cloud-native means you get the latest and greatest service day in and day out.
Friction-Less: No one likes friction. Find products that mesh with your existing architecture and don’t force you to re-configure traffic flows, buy new hardware, or generally jump through hoops. The key is to focus on tools that are easy to deploy, and that preferably work with any hardware and systems in operation without complex customizations. Consider which tools your new Zero Trust access control platform will need to integrate with beyond identity and access management (IAM). Will you want to sync it with mobile device management (MDM), security information and event management (SIEM), or endpoint detection and response (EDR)?
The concept of Zero Trust is simple, and it can be implemented through relatively simple means, but the road to Zero Trust requires planning to get it right. It requires a reality check about what you’re trying to achieve, and what you’re really capable of managing. If nothing else, approach Zero Trust with a focus on simplicity, power, and value.
Denny LeCompete is CEO of Portnox