Facing evolving cyber threats, organizations across government and industry should consider Zero Trust Architecture to improve their security. This paper outlines major challenges and key recommendations for implementing effective Zero Trust strategies.
Zero Trust Architectures: Are We There Yet?
Download Resources
The movement towards Zero Trust Architectures (ZTA) aligns with cybersecurity modernization strategies and practices to deter and defend against dynamic threats both inside and outside traditional enterprise perimeters. The “Executive Order on Improving the Nation’s Cybersecurity” released from President Joe Biden on May 12, 2021, directs executive agencies to “develop a plan to implement Zero Trust Architecture.” The implementation of ZTA requires the integration of existing and new capabilities, as well as buy-in across the enterprise. Successful implementations will require multi-year planning that includes determination of drivers and use cases, policy development, architecture development, technology readiness assessment, pilots, user training, and phasing of deployments. This ZTA Tech Watcher report explores the state of the technology today and provides background, applicability and benefits to organizations, outstanding challenges and issues, and recommendations.
(exciting music)
- [Narrator] Like many organizations,
MITRE's business needs are constantly changing.
Our workforce is increasingly mobile.
We're placing more resources in the cloud,
and collaborating with our sponsors and external partners
online and in-person more than ever.
As we go about our day,
we're doing so against an increasingly sophisticated
threat environment.
MITRE is not unique.
All organizations are at risk of having their people,
operations, and data compromised by malicious actors.
Zero Trust has emerged as the best defense
against this evolving threat landscape.
With Zero Trust, the saying,
never trust, always verify, applies.
Think of it as entering a house,
the house being an organization's network.
You knock on the door,
the homeowner checks to see who's there.
They don't open the door until they verify who you are.
Once your identity is established, the front door opens,
but you can only enter certain rooms.
That's the basic premise of Zero Trust.
With it there are different levels of trust
from person to person,
based on how you authenticate, your role,
the device you are using, et cetera.
This change marks a major culture shift.
Rather than having access to everything by default,
you're given access to just those resources
for which you and your device are trusted,
no more, no less.
Here's something else you should know.
You can't achieve Zero Trust
with a single product or platform.
It requires strategic planning, new thinking,
approaches, tools, and capabilities.
Getting to Zero Trust is a journey.
MITRE is drawing on our own experience
in migrating to Zero Trust to guide others
who are just starting out.
MITRE is lighting a path to Zero Trust.
Join us on the journey.