Zero Trust Readiness & Fitness

Can you alert your CEO about a data breach within minutes? Are you struggling with your security? Or do you simply want to know the maturity level of your IT security program? By combining policy, architecture and operation, Zero Trust Readiness™ & Fitness™ helps you shape an overview of your current and desired information security maturity, and guards the quality and effectiveness of your measures 24/7.

What is Zero Trust?

Zero Trust is a strategy, and an amazing tool to shape your security sustainably and independently, regardless of your data’s location. This strategy connects ‘what data do I have and what is the most valuable (crown jewels)’ and ‘what policy (laws and regulations) should I apply here’. Combining these two makes it much easier to create a clear overview of policy and its application.

Choosing Zero Trust security means effectively minimizing the attack surface of your entire network. Divide the network up into (micro)segments or functional domains and apply security measures that are in line with the sensitivity of the data within that segment. This ensures that a security incident or breach will impact only a specific segment, instead of the entire network.

Why Zero Trust?

  • Minimal exposure to cyber threats
  • Fixed low operational costs
  • Faster response times in the event of an incident
  • Better continuity for crucial company processes
  • Better and more cost-efficient compliance
  • Future proof

Zero Trust Readiness Assessment

The ON2IT Zero Trust Readiness Assessment determines each level’s objective, as well as whether your business is ready for the required services, and the relevant Critical Success Factors. Based on the results, CISOs can determine the gap between the current and the desired situation and can develop an implementation and improvement plan.

The Readiness Assessment is part of the ON2IT Security Orchestration, Automation and Response platform. The progress monitor on this platform reports the progress of the implementation during the change as well as during the run phases. It also enables informed decisions about required actions, budgets, and resource allocations.

Zero Trust Scoping & Fitness Score

After the initial Zero Trust Readiness Assessment, you know where you stand and can use the Zero Trust Scoping tool to determine which parts of your network are the primary candidates for Zero Trust segmentation. ON2IT visualizes the segments and the measures that go with them in the SOAR platform.

This provides you with complete insight into the required controls and matching measures on all individual micro-segment levels and gives a complete summary of all Zero Trust segments.

Detailed microsegment dashboards offer drilldowns to the individual control level and its operational status, including scoping and second line risk assessment. We use this to determine your Zero Trust Fitness™ Score.

By continually monitoring the operational aspects of your cybersecurity measures, we ensure that you comply with the results of the Zero Trust Readiness™ Assessment.

Zero Trust Security Framework

Policy as a base

Using the company’s policy as a base, our clients apply the Zero Trust Readiness Assessment to expose weaknesses and discover possible risks in their organization. This includes focusing on information risk and security to improve security for the network and data.

The assessment is based on the Zero Trust Framework. This is not yet another framework, but instead a collection of the best practices of the most common international frameworks already in existence. The Framework provides room for specific policy, such as ISO, or specific measures to be included in the Zero Trust Framework.

Demonstrable protection and compliance

The Readiness Assessment allows organizations to demonstrably protect their network and data while remaining compliant with (inter)national guidelines and legislation. The assessment clarifies your status in relation to your policy.

We examine whether you are ready for Zero Trust on three separate levels and show you any gaps between your current and desired level of security. This shapes the ‘security road map’, detailing which tools, or actions alone, are needed to successfully implement Zero Trust.

Immediate reduction of the impact of cybercrime

By applying the basic principle of ‘never trust, always verify’ together with the segmented protection of data and applications within the network, Zero Trust security immediately reduces the impact of cybercrime, whether this takes place on-premises, in the cloud, on industrial systems or on IoT equipment.

Zero Trust Framework

Three separate organizational levels

The ON2IT Readiness Assessment transparently addresses the readiness requirements at the three separate organizational levels of cybersecurity, in line with the COBIT model. It determines at each separate level whether your organization is ready for Zero Trust.

The assessment – with inquiries based on twelve years of Zero Trust experience – provides insight and control across these levels with a common language and metrics for relevant measures. These measures are the building blocks to help you to synchronize risk management, policy and practice.

The strategic level

Know your environment and capabilities

The strategic level establishes the direction and tone of the company for management and operations to implement the Zero Trust strategy.

Early boardroom involvement and commitment are needed to define the organization’s relevant cyber actors, risks and critical value chains (including the assets) as well as the company’s level of risk appetite.

This establishes a common knowledge and understanding, including the levels of your organization’s own capabilities and talent, that determine whether it is equipped to win the cyber race.

The managerial level

Know your risks

To execute the strategic directives and make management decisions, you need to know which ones to tackle first.

Therefore, management needs to have processes and structures (reporting, roles and accountabilities) in place to instruct operations to build or run security tools and to get feedback on the performance, the major improvements that are needed and their action owners.

The key here is a solid insight into data, applications, assets and services: DAAS. Understanding your critical DAAS landscape and orchestration across this landscape is the major role of all actors at a managerial level.

The operational level

Know your technology

To implement Zero Trust, you need to determine whether the existing technology and controls are equipped to do this, or whether you need to acquire additional technologies or implement additional processes. At this stage, you assess the technology’s level of operational fitness as well as its alignment with upper DAAS processes.

Because the effectiveness of operational controls is assessed in relation to the Zero Trust segments defined at the upper levels, the alignment of risk and technology can be designed and measured with greater precision and cost-effectiveness. The ‘relevance score’ of every individual segment drives the required controls and required dynamic feedback on their effectiveness. (This concept is integrally embedded in our methodology and in the Zero Trust Security Orchestration, Automation and Response platform.)

This is a real-time process. It cannot simply be a static process because operations would fail to deliver adequate information to the organization’s higher levels.
