RSA 2022: Inside the Making of a Zero Trust Architecture

The 2022 RSA Conference is well underway and Broadcom Software is excited to be tracking some of the most important topics coming from the conference in San Francisco, CA.

One of the biggest topics is of course: Zero Trust. The recent explosion of cloud, mobile, and IoT has resulted in an environment without conventional network boundaries – and many experts believe Zero Trust is the answer to securing it.

Indeed, Zero Trust is a clear priority for stakeholders up and down the security hierarchy. Just yesterday, the Cloud Security Alliance (CSA) released a new study based on a survey of 800 IT and security professionals which found that 77% of respondents are increasing their spend on Zero Trust over the next year. In addition, 80% of C-level executives have Zero Trust as a priority for their organizations, and 94% are in the process of implementing Zero Trust.

These figures come as no surprise to the folks at the National Cybersecurity Center of Excellence (NCCoE), who held their session on June 06 at RSA titled, “Inside the Making of a Zero Trust Architecture.”

Bringing Zero Trust to Life

Speakers Alper Kerman and Scott Rose of the National Institute for Standards and Technology (NIST) – the lead authors/contributors of NIST’s Special Publication (SP) 800-207, Zero Trust Architecture – discussed the work they are doing at NCCoE to bring Zero Trust to life. Their aim? To remove the shroud of complexity around designing for Zero Trust with “how to” guides and example approaches to implementing a Zero Trust architecture (ZTA) for several common business cases.

For their project, “Implementing a Zero Trust Architecture,” NCCoE is collaborating with various industry participants – including heavy hitters AWS, Palo Alto Networks, CISCO, Google Cloud, Mandiant, Microsoft, IBM, and Broadcom Software – to demonstrate several approaches to a ZTA, all applied to a conventional enterprise IT infrastructure on premises and in the cloud. They’re testing all kinds of hybrid environment scenarios, from a remote employee accessing enterprise resources to cross-enterprise collaboration with business partners – all using commercially available technologies.

Through it all, they are learning what’s working, what’s challenging, and what companies might want to consider when designing and building a ZTA. The project will culminate in a NIST Cybersecurity Practice Guide: a publicly available description of the practical steps needed to implement the cybersecurity reference designs for Zero Trust.

In fact, the team has already drafted Volume A of their first Practice Guide, which is now online for public comment. This high-level publication, which explores what the project is about, the challenge it’s addressing, and how NCCoE’s solution addresses it, is meant to help leadership plan their journey toward ZTA. Volumes B and C, which dive deeper into the technology, will be released later this summer.

Can’t Wait to Read It. What Else Can I Do Today?

As the NCCoE continues to carry out its project, Kerman and Rose suggested a few steps security professionals can take today to move toward ZTA.

• Right now: Do a thorough analysis of your environment, including your primary mission, business processes, primary workflows, and all resources. Think about your policy engine, administrator, enforcement point, and information points – and how you want to handle them.
• Next quarter: Begin forming access policies for workflows. Identify gaps in technology, policy, and processes.
• Next 6-12 months: Focus on low hanging fruit, with small bites at a time. “ZTA is a journey,” says Kerman. Also, address gaps in identity, compliance, and monitoring.

You can also stay informed about the NCCoE’s progress and findings, as well as get involved in future projects, but requesting to join a Community of Interest (COI) – a group of professionals and advisors that share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. 

To learn more on how Broadcom Software can help you modernize, optimize and protect your enterprise, contact us here.