Though Zero Trust is here to stay, that doesn’t mean implementation is easy. Rob Maas is one of the leading Zero Trust consultants and the Field CTO at ON2IT. In this blog series, he’ll provide background and tips based on his years of practical experience implementing Zero Trust.
In the second part of this series (you can find part 1 here) he answers the question: what part does business alignment play in cybersecurity implementations?
When moving from a strategic vision to the practical operations of a Zero Trust approach, business alignment plays a crucial part in determining whether this journey will be a resounding success or a tough struggle.
Zero Trust implementation involves a diversity of stakeholders, each contributing their unique capabilities and perspectives. At each of the 5 steps of the Zero Trust approach, this diversity of viewpoints comes into play.
When it comes to the transition to Zero Trust (or really any major transition), there are three main objections we hear from stakeholders:
- Not Invented Here (NIH) syndrome (them vs us)
- No budget or time
- It’s (too) complex
“Not Invented Here” syndrome
A common obstacle in the Zero Trust journey is the “Not Invented Here” (NIH) syndrome. In short, it’s the tendency to avoid using or buying products, research, standards, or knowledge from external origins.
You may think that this isn’t relevant within a business, but in this case it’s important to remember that even just another department within the same company can be seen as an external origin.
For example, this syndrome might come up when the business demands certain security requirements and asks IT to implement them: what do “they” know about security? Or what about when IT hopes to implement Zero Trust measures from the ground up, which could lead to maintenance window requests, process changes, etc.? “They” have no idea how this would disrupt our business goals!
This dynamic can sometimes devolve into “them vs. us” discussions, with finger-pointing and a sense of detachment. When the discussions start involving “them” instead of “we,” it’s a clear signal that alignment might be slipping.
Budget and time constraints
No budget or time is another common argument we hear. Zero Trust implementation demands an investment, whether in terms of time, finances, or both. In scenarios lacking alignment and stakeholder buy-in, resistance often shows in the form of supposed budget and time constraints.
There may be pushback in the form of claims that these changes necessitate resources (i.e. people, licenses, tools) that are unavailable in the current budget or timeline. Making sure everyone understands and stands behind the Zero Trust strategy is key to ensuring all stakeholders are aligned on what is and isn’t needed to move forward.
Effective business alignment is key
Zero Trust introduces a novel approach to cybersecurity, marked by new concepts and terminology. Making sure every stakeholder is equipped with the same knowledge, language and perspective on security is crucial for a smooth transition. The third argument, “it’s too complex,” can be mitigated when the organization works together, embracing this new strategy as a unified entity.
When the stars align and all business alignment pieces fall into place, Zero Trust becomes more than a project, instead evolving into an ingrained process. This shift from project to process solidifies Zero Trust as an integral part of the organization.
Furthermore, shared goals between stakeholders pave the way for celebrating achievements—each successful implementation of a “protect surface” becomes a milestone to be acknowledged.
The journey toward Zero Trust is marked by a unified understanding of goals, an organization-wide commitment to shared principles, and a collective effort that bridges the gap between business imperatives and security measures. Ultimately, business alignment is more than just a small part of this: it’s the foundation upon which you build a successful Zero Trust implementation that secures your organization’s future.
Where to begin
Your cybersecurity needs are clearer than ever. You’re confronting operational gaps, compliance hurdles, and the complex challenges of equipping your staff with the right tools and around-the-clock support.
Yet implementing a Zero Trust strategy, whether you are just starting or are already on your way, can be overwhelming for organizations. Where do you start? How do you ensure this business alignment that is so key to your success?
With our Zero Trust RFC services you’ll be able to benefit from our more than nineteen years of successful Zero Trust implementations. Check out what your first step towards a Zero Trust Roadmap can be.
Want to know more about how ON2IT has been helping organizations with their Zero Trust strategy and implementation for over 19 years?