Advice on Transitioning to Zero Trust: “Details Matter” and “It’s Well Worth It”

At Protegrity, we secure sensitive data for some of the world’s largest retailers and credit card companies and other organizations across the U.S., Europe, and Asia. They all count on us to protect the privacy of their sensitive information so they can focus on positive business outcomes instead of worrying about data breaches. So, when it comes to cybersecurity, we truly need to stay one step ahead.

That’s why we believed early on in the need to transition from a legacy security architecture to one based on zero trust. We aligned with Gartner’s security service edge (SSE) framework and the goal of secure, anytime, anywhere access to whatever resources users need, whether on the internet, in SaaS or private applications, or the public cloud. As we learned from deploying the Zscaler Zero Trust Exchange and its Zscaler Internet Access and Zscaler Private Access services, this approach requires a new mindset, but the tremendous security and user experience benefits make it well worth the effort.

Our successful migration to a modern security approach offers a couple of important lessons for everybody. 

First, understand that this is a transformational journey worth taking. Once the Zero Trust Exchange was fully deployed, our security posture dramatically improved, users were happier, and security management became easier, too. We also established an extensible, sustainable foundation for the future. Keep such benefits in mind as you forge ahead.

The second lesson: take careful, measured steps. Paying attention to details will help ensure that you don’t inadvertently overlook things that are simple to address early on, but can be time-consuming to deal with later.

For instance:

• Read the documentation. Read Zscaler’s best practices guide. It will save you a lot of confusion and help you understand how to shift your thinking from the traditional security approach.
• Consider carefully what to filter. Create a list, as comprehensive as possible, of websites and SaaS applications to allow and to block, including the obvious ones. If you forget to allow access to Salesforce, for example, you’ll have to deal with your entire sales team submitting a help desk ticket.
• Create consistent URL naming conventions. A standard naming schema will save a lot of time later, especially if you have more than one administrator. Without it, it’s easy to end up with a bunch of redundancies as administrators create new URL groups and policies.
• Get your Active Directory groups in order. Make sure all your user groups and subgroups are up to date before trying to deploy application segmentation with ZPA. Don’t assume everything is current.
• Work through group-specific use cases. Every group or department has different use cases and potential kinks to navigate.. For instance, our R&D group had issues with the Zscaler certificate–minor issues, but we needed to resolve  them for their use cases to be successful. Also, if a group doesn’t use Zscaler daily, they might not realize there is an issue for weeks or months after deployment so it is helpful to work out the kinks up front.
• Start with small beta groups. Before rolling out to whole departments or sites, start with smaller subsets of groups. Choose a few people from each department to help assess their department-specific use cases. After you work out the kinks, then deploy to the whole group.

Moving to a zero trust and SSE approach is a significant endeavor. However, for most organizations, it’s a transition that needs to be made to keep them secure. With the cloud and mobility becoming ubiquitous requirements, the old hub-and-spoke network with castle-and-moat security architecture is history.

As I said before, the switch is worth it.

To learn more about how our zero trust journey and partnering with Zscaler are helping Protgrity safeguard the data of over one billion individuals, I invite you to read our case study.