Setting up a functioning zero trust architecture (ZTA) and integrating it into the existing IT landscape poses many challenges. Although zero trust is now a firmly established IT security model and there is an almost immeasurable choice of technology available for implementing it, practical adoption in many companies often proves difficult. Many projects stall as early as the design phase or repeatedly falter at characteristic points of the implementation.
The reasons for this often include design weaknesses or insufficient extension of existing security systems and protection mechanisms, which in many cases still need to be adapted or improved to reach the required level. Supplementing existing security solutions with new components and innovative processes can, however, also help to raise the level of maturity further.
The use of modern protocols and passwordless procedures for authenticating and authorising users and their access not only increases security, but can also improve the user experience when using services and exchanging data. Single sign-on and mandatory end-to-end encryption are among the implicit benefits of such solutions. The key focus here is identity and access management, which on the one hand forms the basis for verifying persons and accesses and on the other hand strengthens cyber security as a whole with new control and monitoring functions.
This means a change from a perimeter-based security architecture to an environment-independent and continuous protection concept that can protect both the applications in one's own data centre and the services in the cloud across the board. However, this in turn requires clear and uniform rule and authorisation structures, which should be set up according to the least privilege principle. Granular and context-based policies are needed, and where possible they should be designed to be adaptive and dynamic. This way, not only the identity of the user, but also the broader context - for example, client, location, type of request and the criticality of the requested data - can be included when assessing the risk of an access.
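The following is an added illustration, not code from the article or from any product it refers to, of how such a granular, context-based policy can be evaluated: a deny-by-default entitlement table enforces least privilege, and the required authentication assurance is raised dynamically by context signals (client posture, location, type of request, data criticality). The roles, data classes, authentication methods and scoring weights are assumptions chosen for the example; a real deployment would take them from its own IAM and policy systems.

```python
"""Context-aware access policy evaluator (added example, not from the article).

All roles, data classifications, authentication methods and weights below are
hypothetical; they only serve to show the shape of an adaptive policy decision.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Least-privilege entitlement table: which actions a role may perform on each
# data classification. Anything not listed here is denied by default.
ENTITLEMENTS: Dict[str, Dict[str, FrozenSet[str]]] = {
    "analyst": {
        "public": frozenset({"read"}),
        "internal": frozenset({"read"}),
        "confidential": frozenset({"read"}),
    },
    "finance": {
        "public": frozenset({"read"}),
        "internal": frozenset({"read", "write"}),
        "confidential": frozenset({"read", "write"}),
        "restricted": frozenset({"read"}),
    },
}

# Assurance level provided by the authentication method (higher is stronger).
ASSURANCE = {"password": 1, "totp": 2, "fido2": 3}

# Baseline assurance required per data criticality, before context is applied.
REQUIRED_ASSURANCE = {"public": 1, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    action: str            # "read" or "write"
    data_class: str        # key of REQUIRED_ASSURANCE
    device_managed: bool   # client posture: corporate-managed device or not
    location: str          # "corp_network", "vpn" or "internet"
    auth_method: str       # key of ASSURANCE


def context_risk(req: AccessRequest) -> int:
    """Risk points added by context signals beyond the identity itself."""
    risk = 0
    if not req.device_managed:
        risk += 2          # unknown client posture is the strongest signal
    if req.location == "internet":
        risk += 1          # outside the corporate network or VPN
    if req.action == "write":
        risk += 1          # modifications are riskier than reads
    return risk


def evaluate(req: AccessRequest) -> Tuple[str, List[str]]:
    """Return ("allow" | "step_up" | "deny", reasons) for one access request."""
    reasons: List[str] = []

    # 1. Static least-privilege check: deny unless the role grants the action.
    allowed = ENTITLEMENTS.get(req.role, {}).get(req.data_class, frozenset())
    if req.action not in allowed:
        return "deny", [f"role {req.role!r} has no {req.action} entitlement on {req.data_class}"]
    reasons.append("entitlement present")

    # 2. Hard contextual rule: the most critical data never leaves managed clients.
    if req.data_class == "restricted" and not req.device_managed:
        return "deny", reasons + ["restricted data requires a managed device"]

    # 3. Adaptive part: context raises the assurance the session must prove.
    required = REQUIRED_ASSURANCE[req.data_class] + context_risk(req)
    provided = ASSURANCE[req.auth_method]
    reasons.append(f"required assurance {required}, provided {provided}")
    if provided >= required:
        return "allow", reasons
    if max(ASSURANCE.values()) >= required:
        # A stronger authentication would suffice: ask for it instead of denying.
        return "step_up", reasons + ["re-authenticate with a stronger method"]
    return "deny", reasons + ["context too risky for any available assurance level"]


if __name__ == "__main__":
    # Constructed sample requests, not real traffic.
    samples = [
        AccessRequest("alice", "analyst", "read", "internal", True, "corp_network", "password"),
        AccessRequest("alice", "analyst", "write", "internal", True, "corp_network", "fido2"),
        AccessRequest("bob", "finance", "read", "confidential", True, "internet", "password"),
        AccessRequest("bob", "finance", "write", "internal", False, "internet", "fido2"),
    ]
    for s in samples:
        decision, why = evaluate(s)
        print(f"{s.user:6} {s.action:5} {s.data_class:12} -> {decision:8} ({'; '.join(why)})")
```

The order of the checks matters: the static entitlement is evaluated first so that context can never widen what a role is allowed to do, only narrow it or demand stronger proof of identity. The `step_up` outcome is what makes the policy adaptive rather than merely strict: a legitimate user on a riskier path is challenged for a stronger factor instead of being blocked outright, while a request whose context exceeds what any factor could compensate for is still denied.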
Implementing and enforcing these policies requires all security components to work together in a common zero trust architecture. In this context, a well-staggered rollout plan and a forward-looking transformation of existing security solutions can help to ease transitions and achieve initial improvements in operational security at an early stage.