A zero-trust policy can be implemented for different kinds of resources: your network itself, your applications, or the data within those applications. The last of these is the toughest nut to crack. After all, making a full inventory of the contents of every application is a gigantic task, and once users are inside, it is hard to restrict which data they can and cannot get their hands on. Still, you should aim for a good combination of ZTNA and ZTDP tools – the former standing for Zero Trust Network Access, the latter for Zero Trust Data Protection. ZTNA tools limit users’ access to your resources, and ZTDP tools do the same for your data.
But where do you start? To begin with, there is not one product type that implements the zero-trust policy pillars – there are many. Some of them enforce the policy at the LAN access level, others at the data center access level, and so on. Building a comprehensive zero-trust architecture therefore requires combining different products, such as NAC technology, an SD-WAN platform, an SSE product, or a SASE solution (a mix of both SD-WAN and SSE).
Where you start probably depends on the balance your company strikes between safety and usability. Still, it’s recommended to start with ZTNA, as it is much easier to implement: you don’t need to locate and identify the different kinds of data and work out a complex user/privilege map. Moreover, only mature organizations will be able to implement a ZTDP tool.
If you are, say, in the defense industry, you’re probably used to spending a large budget on implementing a complex set of security measures and sophisticated products. You’ll have to work on a wall-to-wall jigsaw puzzle of tools, both great and small, and deal with frustrated users who complain about not getting the proper access – the latter is just the small price you pay for sleeping soundly. But if you’re a small B2B company with no real secrets, you can probably do with the bare minimum, like tightening access to your network infrastructure and enabling two-factor authentication for users. And that shouldn’t cost you an arm and a leg either.