Role-playing Zero Trust Personas at Forrester Security Forum, Washington DC

Zero Trust Framework for Network Security

Conquering the fear of attacks and breaches, championing privacy, and securing organizations’ futures were key themes at the recent Forrester Privacy and Security 2018 event, held in Washington DC. The event brought together over 200 leaders in privacy and security from retail, financial services, media, healthcare, and more to explore the rapid escalation of security, privacy, and risk from the operation back office to a strategic, enterprise-level imperative. We were pleased to present a unique persona-based role playing partner session, entitled ‘A Zero Trust Framework for Network Security’, which can be viewed on video in full here:

The session followed on from the ‘Foundations of Zero Trust’ presentation by Forrester’s Principal Analyst Chase Cunningham, our session explored how the Forrester Zero Trust Model can help organizations develop robust prevention, detection, and incident response capabilities when applied to network security.

Addressing the Zero Trust Challenge

To highlight how this challenge can be addressed, we departed from the usual industry conference presentation format to take a persona-based approach in the session. This highlighted each stakeholder’s specific needs, and illustrated how they could be met. I examined the importance of Zero Trust and the elements that could be overseen from the perspective of the CISO. Product Marketing Manager, Yitzy Tannenbaum explained the Business Analyst’s perspective. And Regional Sales Engineer Bryan McWilliams discussed the practicalities and considerations that the Network Security Architect is concerned with in deploying Zero Trust across today’s complex, heterogenous enterprise networks.

We enjoyed examining the issue from the perspective of each of these roles, and the audience reaction showed that they appreciated the unconventional format. From the perspective of each persona, we reviewed Forrester guidance on Zero Trust, and explored the challenges and requirements that organizations face when implementing a Zero Trust Framework. We discussed how these can be addressed through an automation solution that enables visibility, policy change automation and segmentation, while easing compliance and enabling integration with existing IT infrastructures. For each area, we presented real use cases to illustrate how these could be applied.

Embracing a Zero Trust methodology will bring the enterprise to the highest level of security, but implementing that methodology is easier said than done. Monitoring all traffic, packets and users across a complex, hybrid enterprise environment is a huge task, which is impossible to do manually.

Zero Trust Approach

While a Zero Trust approach can’t prevent every possible attack or breach, it can ensure that organizations don’t fall victim to basic attacks or fail to discover a breach for months or even years. Beyond security too, Zero Trust makes it easier for companies to deploy new business and operational models, because they are building out from a secure foundation.