
Tenable Blog

How to Talk to Your Boss About Zero Trust

A recent Executive Order from the Biden Administration put zero trust architecture in the spotlight. When your top execs come asking about it, here's what you need to know.

President Joseph R. Biden's May 12 Executive Order on Improving the Nation's Cybersecurity brought renewed interest in zero trust architecture, the ripple effects of which are just starting to be felt in government and private sector organizations around the world. 

The principles of zero trust, first introduced by then-Forrester analyst John Kindervag in 2010, require rethinking the trust-but-verify model upon which so much IT infrastructure has been built. They call for viewing trust as a vulnerability instead, and for removing the notion of trust from digital systems entirely. With ransomware attacks on the rise, the software supply chain compromised and the attack surface growing exponentially, it's clear that a new approach to cybersecurity is in order. If your executive leadership hasn't yet come around asking about your plans for zero trust, we assure you it's only a matter of time.

With misperception about zero trust running rampant, here are five things your boss needs to know about zero trust:

  1. Zero trust is a strategy, not a SKU. In most organizations, it can be implemented using existing off-the-shelf cybersecurity products. There is no single zero trust product your organization can purchase and plug in to transform your risk posture overnight.
  2. Zero trust requires a foundation of strong cyber hygiene. As the National Institute of Standards and Technology (NIST) guidelines make clear, you can't build a zero trust strategy without first having accurate visibility into all of the organization's assets, including IT, cloud, operational technology (OT) and internet of things (IoT).
  3. User profiles matter more than ever. A zero trust strategy requires you to continuously monitor all users all the time. Tools such as Active Directory, which are used to manage user profiles and privileges, must be continuously monitored and kept up to date. 
  4. No one is trusted — no exceptions. This may not please the CEO or other C-suite executives, who can sometimes behave as if the rules don't apply to them. Brushing up on your diplomatic skills is advised. 
  5. Zero trust requires thoughtful change management. There are people throughout the organization who have built their careers on the legacy cybersecurity principles of moat-and-castle and trust-but-verify. They may be threatened or feel that their jobs are in jeopardy if they aren't engaged in the zero trust buildout from day one.

The bottom line? It won't happen overnight. Zero trust as a concept is simple to grasp. What makes it complex to implement are the same factors that make any cybersecurity strategy complex: the unique mix of process, procedure, education and technology found in your IT infrastructure. It's best to start small and roll out from there, rather than trying to boil the ocean. 

Cybersecurity in a world without perimeters

As organizations around the globe emerge from pandemic lockdown and embrace a hybrid model that allows working from home to be as seamless as working on premises, it's clear that the legacy approaches to cybersecurity are no longer adequate. A successful zero trust journey requires executive support and buy-in from all areas of the organization. It's not something cybersecurity leaders can execute in a vacuum. It's a strategic decision that will ultimately change the way every employee in the organization uses technology, reducing risk every step of the way.
