Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementCybersecurity Education & TrainingSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business Resilience

Cybersecurity Education & Training

The fundamentals of implementing a zero trust security policy

What exactly does it entail to enforce a zero trust security policy? A lot.

By Patrick Beggs
zero trust-freepik1170x658v59703.png

Image by lovephoto via Freepik

September 1, 2022

Zero trust isn’t a product. 


Rather, zero trust essentially serves as a security framework. It refers to a comprehensive, strategic approach to security that makes sure every user and device that is given access to a company’s resources is who or what they claim to be.


There is an old adage: “If you can’t trust anyone, trust no one.” That’s zero trust in a nutshell. No actor may be trusted in an environment until they have been appropriately, and continually, validated.


Here’s a quick primer on zero trust, outlining the basics, such as what it is and how to implement it.


Why is zero trust relevant today?

The traditional security perimeter is almost nonexistent and continues to vanish by the minute. Data is currently dispersed across an almost infinite number of services, devices, apps and individuals, and this number will continue to grow.


Zero trust assumes that the conventional network edge does not exist. Networks in the modern enterprise can be local, on the cloud or a part of a hybrid architecture. Workers who have access to resources can be located anywhere, as can the resources themselves.


If a company continues to use an outdated perimeter security model, its digital assets are at risk of being lost. If this sounds familiar, it’s time to think about making a change.


Even federal government agencies are currently transitioning to zero trust. In fact, that is a major factor in why this methodology has drawn so much attention in the past 12 months. 


The Biden administration mandated that federal agencies transition to a zero trust security architecture in May 2021 with the release of its Executive Order on Improving the Nation’s Cybersecurity. It then followed up with the federal zero trust architecture strategy earlier this year, which defines the precise steps federal agencies must take to embrace zero trust architecture over the coming years.


While many public and private companies don’t have to switch to zero trust, they do so because they believe it will lower risk and improve digital transformation security.

 

Best practices for zero trust security 

What exactly does it entail to enforce a zero trust security policy? A lot. It calls for the implementation of a variety of security best practices — ones that, given the nature of the current cybersecurity threat landscape, merely make good economic sense.


For instance, an organization that has embraced a zero trust paradigm must put into operation procedures like:

  • Utilizing multi-factor authentication to confirm each user’s identity (MFA).
  • Ensuring regular patch management and software updates keeps all devices current and functional.
  • Comprehensive observation and monitoring to gather the most useful information to guide access control implementation.
  • Restricting access to specific assets, data, applications and resources rather than the entire network.

 

Step 1: Figure out what you need to safeguard the most

What exactly is the first step in establishing zero trust, aside from making the decision to proceed? Outlining the “protect surface” — or what is most valuable to your company — is the first step. To keep the business operating regularly, what data, applications, assets and services (DAAS) does the organization need to protect? 


Instead of trying to identify and defend the full attack surface or concentrating simply on the perimeter (which we already know is ineffective), an organization may strategically focus its resources on defending what really matters to the business by defining the protect surface. Additionally, protection is made simpler because the protect surface is considerably smaller than the attack surface or the perimeter.

 

Step 2: Identify every crack and crevice in your network

Once the protect surface is defined, it’s crucial to sketch out the network topology of the company when creating a zero trust architecture so you know where your assets are. The objective is to understand who your users are, what devices they use and what services and data they are accessing. 


Any components that use the network should be handled with extra caution. Any network, private or public, must be considered hostile under zero trust. Consider any existing services that were not built for a zero trust architecture because they may not be

able to protect themselves under the new, stricter methodology.


The next step is to identify how your systems operate after the network topology has been mapped. In order to confirm that a user or entity satisfies the necessary requirements for getting access to protected areas, you will be better able to identify the locations where access controls are required. Additionally, by implementing these restrictions, security administrators will be able to ensure that no user-to-application communication takes place.

 

Step 3: Continuous Validation

To be clear, when a company chooses to take a zero trust security approach, it decides to demand that all users, whether they are inside or outside the organization’s network, be authenticated, authorized and continuously validated for security configuration and posture before they are given access to applications and data — or allowed to maintain access to those resources.


The truth is that zero trust is a journey, just like the digital revolution itself. Zero trust security can take years to implement, and as networks change, maintaining an effective architecture will be a continuous effort.

 

Additional guidance on zero trust security framework

Despite the efforts of many security vendors to define zero trust, there are standards from reputable organizations that can help businesses transition. For instance, the Identity, Device, Network, Application Workload and Data Zero Trust Maturity Model is provided by the Cybersecurity and Infrastructure Security Agency (CISA) and is meant to facilitate an organization’s zero trust journey.


All in all, the zero trust framework specifically tackles the security issues that the majority of modern enterprises are confronted with, including safeguarding remote workers and hybrid cloud systems as well as defending against disruptive, expensive cyber threats like ransomware. 


By following these steps and understanding the fundamentals of zero trust, enterprises can implement a zero trust security strategy that keeps networks protected, secured and resilient.

KEYWORDS: cyber security data protection multi-factor authentication risk management zero trust

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Patrick Beggs is Chief Information Security Officer at ConnectWise. He is a cybersecurity executive focused on leading global cyber operations and has more than 20 years of operational duties in information security, spanning the commercial, federal civilian, defense, law enforcement, and intelligence communities. Most recently, Beggs served as Cognizant Technology’s Global Cyber Operations Executive, where he led a team of more than 150 personnel operating across five countries. Prior to Cognizant, he led cyber operations for AIG, Booz Allen Hamilton, Amazon Web Services, and Bank of America. In the public sector, he served as the first Deputy Director/Director of Operations at the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC).

Beggs is a former Army Infantry Non-Commissioned Officer and holds a B.S. in Political Science from Radford University. He also holds a patent for his work developing a new method of leveraging AI models for improving network security.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0719-Privacy-Feat-slide1_900px

    Implementing Zero Trust with FIM and SCM

    See More
  • Zero-trust-freepik

    Good-bye, trust-based security – WFH may usher in the age of zero trust

    See More
  • Zero-trust-freepik

    4 stages of a zero trust self-assessment

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing