"5 Best Practices from Industry for Implementing a Zero Trust Architecture"
Researchers at Carnegie Mellon University (CMU) have detailed five zero trust best practices. When considering going through a zero trust transformation, it is crucial to develop and maintain a comprehensive inventory of Data, Applications, Assets, and Services (DAAS) in accordance with the National Security Telecommunications Advisory Committee (NSTAC) and Department of Defense (DOD) Zero Trust Reference Architecture. This inventory helps companies understand their enterprise architecture baseline and the steps needed for zero trust transformation. Key components of establishing dynamic zero trust policies are inventory logging and auditing. In order to optimize maturity, organizations are advised to use automation, orchestration, and Application Programming Interfaces (APIs). Ideal zero trust maturity includes continuous identity validation, device monitoring and validation, encrypted traffic, and dynamic data policies. Without automation and APIs, it is much more difficult to effectively execute the recommended practices for implementing zero trust architecture. According to researchers, automation and APIs help with collecting and updating an inventory, auditing and logging, implementing security guardrails as part of governance and risk management, and using cloud and virtual solutions that need to communicate automatically with multiple other inventory components to function. This article continues to discuss best practices from the industry for implementing a zero trust architecture.