Powered by MOMENTUM MEDIA
Despite some well-documented benefits, zero trust is yet to be widely embraced. Awareness is increasing, but it’s often not being followed up with action, writes Joanne Wong.
As a concept, zero trust has been around for a decade. With the promise of improved security and reduced management costs, on paper it sounds like an obvious choice for most law firms.
The reason is that, for most organisations, adopting zero trust model can be a somewhat daunting challenge. The approach turns traditional perimeter security on its head and instead focuses on identifying users and the resources to which they should have access.
Also, for many early adopters, migrating to a zero trust architecture is something that took years and the allocation of significant resources. Others tried and failed, reverting to their legacy security measures.
Interestingly, those organisations that are successful in their zero trust ambitions tend to follow a similar path which begins with a focus on the data that needs to be secured. It’s important to understand where this data is stored and how it is accessed by users and applications.
A second step then involves focusing on user governance and device trust. These two items will provide you the most value, quickly, and sit at the heart of any successful zero trust architecture.
A final step is to create a comprehensive business plan that covers all the areas in which a return on investment (ROI) is expected. This should include factors like a reduction in the IT spending associated with technologies that are no longer required, such as firewalls, VPNs, and active directory.
The plan should also provide detail of the process optimisations that will be achieved. These will not only reduce the need to manage a legacy environment but also automate areas where IT spends the most time and resources.
Taking a phased approach
With a comprehensive deployment plan in place, deployment of a zero trust model is usually completed in three phases:
Zero trust should not be thought of as a security “silver bullet” that will solve all challenges within an organisation. However, if properly designed and deployed, a zero trust strategy can provide robust levels of protection for users, data and applications. Even if one user or data store is compromised, it prevents an attacker from gaining access to other areas.
By taking a phased approach to zero trust, law firms will be able to enjoy the benefits it has to offer in a timely manner. As the approach becomes more widely understood, slow rates of uptake will become a thing of the past.
Joanne Wong is the vice-president of international marketing at LogRhythm.