Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

How to Talk to Your Boss About Zero Trust

A recent Executive Order from the Biden Administration put zero trust architecture in the spotlight. When your top execs come asking about it, here's what you need to know.

President Joseph R. Biden's May 12 Executive Order on Improving the Nation's Cybersecurity brought renewed interest in zero trust architecture, the ripple effects of which are just starting to be felt in government and private sector organizations around the world. 

The principles of zero trust, first introduced by then-Forrester analyst John Kindervag in 2010, require rethinking the trust-but-verify model upon which so much IT infrastructure has been built. It calls for viewing trust as a vulnerability instead and posits that we remove the notion of trust from digital systems entirely. With ransomware attacks on the rise, the software supply chain compromised and the attack surface growing exponentially, it's clear that a new approach to cybersecurity is in order. If your executive leadership hasn't yet come around asking about your plans for zero trust, we assure you it's only a matter of time.

With misperception about zero trust running rampant, here are five things your boss needs to know about zero trust:

  1. Zero trust is a strategy, not a SKU. In most organizations, it can be implemented using existing off-the-shelf cybersecurity products. There is no single zero trust product your organization can purchase and plug in to transform your risk posture overnight.
  2. Zero trust requires a foundation of strong cyber hygiene. As the National Institute of Standards and Technology (NIST) guidelines make clear, you can't build a zero trust strategy without first having accurate visibility into all of the organization's assets — including IT, cloud, operational technology (OT) internet of things (IoT).
  3. User profiles matter more than ever. A zero trust strategy requires you to continuously monitor all users all the time. Tools such as Active Directory, which are used to manage user profiles and privileges, must be continuously monitored and kept up to date. 
  4. No one is trusted — no exceptions. This may not please the CEO or other C-suite executives, who can sometimes behave as if the rules don't apply to them. Brushing up on your diplomatic skills is advised. 
  5. Zero trust requires thoughtful change management. There are people throughout the organization who have built their careers on the legacy cybersecurity principles of moat-and-castle and trust-but-verify. They may be threatened or feel that their jobs are in jeopardy if they aren't engaged in the zero trust buildout from day one.

The bottom line? It won't happen overnight. Zero trust as a concept is simple to grasp. What makes it complex to implement are the same factors that make any cybersecurity strategy complex: the unique mix of process, procedure, education and technology found in your IT infrastructure. It's best to start small and roll out from there, rather than trying to boil the ocean. 

Cybersecurity in a world without perimeters

As organizations around the globe emerge from pandemic lockdown and embrace a hybrid model that allows working from home to be as seamless on premises, it's clear that the legacy approaches to cybersecurity are no longer in order. A successful zero trust journey requires executive support and buy-in from all areas of the organization. It's not something cybersecurity leaders can execute in a vacuum. It's a strategic decision that will ultimately change the way every employee in the organization uses technology, reducing risk every step of the way. 

Learn more

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training