Organizations facing cyber threats are embracing zero trust, a security mindset that protects high-value assets in real time. But cybersecurity teams can’t just buy a zero trust architecture at the store. To put zero trust fully into action, teams need to scrutinize an organization’s strengths and challenges and then chart a path to a zero trust architecture. In this way, organizations can turn core zero trust principles—assume a breach; never trust, always verify; allow only least-privileged access—into concrete solutions that support key missions and strategic objectives.

Common Challenges

Organizations in government and industry must overcome an array of challenges to implement a zero trust architecture. Here are a few examples:

Legacy Infrastructure

Legacy Infrastructure

A patchwork of cloud environment and legacy IT infrastructure creates many vulnerabilities. In addition, security is often an afterthought in digital modernization efforts.

Data Management

Data Management

Organizations must figure out how to discover, classify and tag their data before they can enable restricted access based on approved policies

Identity Management

Identity Management

Getting identity management right is critical for enabling all zero trust principles. In addition, strong authentication & robust attributes are needed to apply conditional access

Lots and Lots of Logs

Lots and Lots of Logs

Zero trust’s focus on continuous monitoring results in large amount of log collection, which could overwhelm relatively small security teams. Organizations need to handle all that data smartly and efficiently.

Minerva’s Approach

Assessment

Assessment

We show clients how to use the seven pillars of zero trust and governance to elevate security and demonstrate increased maturity step by step with our zero trust maturity assessment model. The model lets organizations rate their capabilities in all seven zero trust dimensions using five maturity levels.

Baselining

Baselining

The assessment arms organizations with a threat-centric understanding of their strengths and challenges in the context of zero trust, current tools and capabilities, considering the key missions, strategic priorities, emerging threats, and the organization’s risk appetite.

Zero Trust Architecture Roadmaps

Zero Trust Architecture Roadmaps

Evaluating the current state of an enterprise’s capabilities and gaps allows the security team to weigh priorities and create pillar-specific roadmaps. Not all entities necessarily need to achieve the highest level of maturity in all areas: Every organization is unique.

Tailored Implementation

Tailored Implementation

We help clients craft tailored implementation guidance to achieve measurable improvement over time. For instance, organizations can work toward deploying comprehensive security monitoring, granular dynamic risk-based access controls, and system security automation in a coordinated way throughout infrastructure.

The 7 Pillars of Zero Trust

The seven zero trust pillars are aligned with the Department of Defense (DOD) zero trust reference architecture and Cybersecurity and Infrastructure Security Agency (CISA) maturity model.

Seven Pillars of Zero Trust

User

Use identity, credential, and access management (e.g., multifactor authentication)

Device

Use real-time inspection, assessment, and patching of devices to inform every access request

Applications & Workloads

Secure Application & Workload development, access, and operation

Network/Environment

Isolate and control the network environment with segmentation and firewalls

Data

Use end-to-end encryption, data rights management, and data tagging to protect data

Visibility & Analytics

Improve detection and reaction time, enabling real-time access decisions

Automation & Orchestration

Quarantine and/or terminate anomalous activity based on defined processes