Posted: 2 Min ReadFeature Stories

Zero Trust: Three Domains Taking Center Stage

Lessons From Successful Zero Trust Implementations

I have heard from many organizations progressing in their Zero Trust journey and many are finding new challenges that they need to tackle to realize their desired outcome. These challenges start as they shift workloads to the cloud, leverage newer technologies like Open Source libraries, and hire new talent to support the efforts. While a Zero Trust architecture has been developed over the past 10 plus years, it will likely be some time before we see industry best practices to solve these challenges. Unsurprisingly, this is causing security teams to turn to new domains to help address these efforts. Here is what I’m hearing, as I advise some of our largest global customers:

First as companies are moving workloads into the cloud —and more often than not, multiple clouds—leveraging Cloud Native Application Protection Platforms (CNAPP) is a critical tool. Managing security configurations in the cloud is something that there are not enough experts to do, instead of leaning on hiring the right role and trusting there are no mistakes, the use of CNAPPs to scan and protect those workloads can provide assurance that applications being delivered from the cloud are secure.

Next we are seeing a pivot away from the legacy attitude of maintaining internal and proprietary software libraries - it’s expensive, cumbersome, and slows down DevOps teams. That obviously creates a lot of concern about the underlying software libraries that are being used - and rightly so, we already saw the massive impact that Apache’s Log4j vulnerability created last year - so managing the use of these libraries is critical. Developing internal process and policy with regards to the Software Bill of Materials (SBOM) is a critical function of maintaining a Zero Trust state.

Here at Broadcom, we aim to support our customers working to achieve a Zero Trust architecture in their environment with our Symantec Enterprise Cloud solution.

Hiring talent is one of the most common things I hear when I talk to customers about their Zero Trust journey—there simply are not enough qualified cybersecurity professionals out there. Hence automation is becoming one of the first requirements of security controls —and something organizations should ask of all their vendors—it’s the only way to scale going forward as the problems that need to be solved are not going to get smaller.

Zero Trust is a nebulous architecture and while it starts with identity management and data protection it demands organizations have visibility into their assets, planning on how they’ll be secured, and governance to ensure they’re able to stay in a Zero Trust state. That means thinking of technologies and processes that are not classic Zero Trust functions but are part of the bigger picture.

Here at Broadcom, we aim to support our customers working to achieve a Zero Trust architecture in their environment with our Symantec Enterprise Cloud solution, and because of our unique relationship with our customers, we can identify the best starting point for implementing Zero Trust—whether that’s with native capabilities delivered by our services or integrating with the larger security ecosystem.

Symantec Enterprise Blogs
You might also enjoy
2 Min Read

Lessons From Successful Zero Trust Implementations

Best of breed is dead

Symantec Enterprise Blogs
You might also enjoy
7 Min Read

Coding for the Future of U.S. National Defense

Broadcom and VMware Tanzu support this mission

About the Author

Kyle Black

Technical Director - Information Security

Kyle is currently a Technical Director for the Information Security Group focusing on maturing data protection programs, mitigating insider threats, and bringing together security telemetry to deliver better outcomes to our customers.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.