The concept of 'Zero Trust, ' which essentially presumes conventional perimeter protections don't exist, has been in cybersecurity for many years. Driven by the evolving threat landscape as well as maturing defensive frameworks, on November 22, 2022, the Department of Defense (DoD) released an updated Zero Trust (ZT) strategy and DoD implementation roadmap.
By 2027, the Department plans to implement risk management using the Zero Trust capabilities and actions indicated in the strategy and roadmap. The plan's end goal is a DoD Information Enterprise protected by an enterprise-wide Zero Trust cybersecurity framework that allows for an efficient risk assessment process, information sharing in collaborative settings, and the rapid containment and remediation of malicious actions. The plan lays forth four overarching and interconnected strategic objectives that the Department will pursue to realize its vision for ZT.
Randy Resnick, chief of the Department of Defense's zero trust portfolio management office, told reporters in advance of the strategy's announcement, "With zero trust, we are assuming that a network is already compromised. We thwart and frustrate an adversary from moving laterally through a network using recurring user authentication and authorization. The goal is to identify attackers and mitigate the damage quickly."
Exploring the Advent of Zero Trust in Cybersecurity
The Zero Trust (ZT) framework is a cybersecurity paradigm that assumes that all network traffic, irrespective of origination or destination, should be considered suspicious. All traffic is potentially harmful and thus subject to high scrutiny and control.
According to Gartner's projections, worldwide end-user spending on zero-trust network access (ZTNA) systems and solutions is expected to increase from $819.1 million in 2022 to $2.01 billion in 2026, representing a compound annual growth rate of 19.6%. This growth will take place from a starting point of $819.1 million in 2022. In addition, it is anticipated that worldwide expenditure on zero-trust security software and solutions will increase at a compound annual growth rate of 17.3%, going from $27.4 billion in 2022 to $60.7 billion in 2027.
Uncovering the Pillars of the Zero Trust Strategy
The ZT roadmap is the first of its kind within the DoD security program. It lays out the steps that must be taken to implement Zero Trust, including security risk assessment, gap analysis, the creation of requirements, planning for execution, the final stages of procurement and deployment and penetration testing. It is important to note that like many frameworks, the DoD document is merely a strategy and not an infrastructure for implementing that approach.
DoD ZT Training & Strategy Goals:
- Cybersecurity strategies combine and operationalize Zero Trust in new and old systems to ensure the security and defense of DoD data systems.
- Subsequent deployment of technologies occurs at a rate on par with or faster than technological progress in general.
- Department and Component-level procedures, rules, and financing align with Zero Trust concepts and methods.
Integrating the ZT Framework Across Institutions
The approach adopted by the DoD attempts to standardize the deployment of the ZT framework across various organizations and technology stacks. The goal is to facilitate organizations' adoption of the ZT framework and guarantee that all implementations are functional and uniform.
Shifting the Emphasis from Compliance to Results
In this novel context, the emphasis on results, as opposed to compliance, is one of the most significant contrasts between the most recent version of the approach and earlier iterations. In the past, the primary focus has been on fulfilling compliance obligations. Instead, the new strategy emphasizes the need to end the threat rather than just putting safeguards in place and crossing your fingers.
The Bottom Line
Overall, the revised Zero Trust Strategy guide published by the Department of Defense represents an essential milestone in the progression of the ZT framework. The goal of the new approach is to make it more straightforward to adopt by making it more standardized in its implementations and changing the emphasis from compliance to results.
Contact Truvantis to deploy the capabilities of a solid ZT approach to protect your company's cybersecurity, privacy, and compliance without interfering with your core business objectives.
Truvantis® is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization's infrastructure, data, operations, and products. We specialize in helping our clients improve their cybersecurity posture by implementing, testing, auditing, and operating information security, privacy & compliance programs – balancing security with risk appetite.