
In May 2021, executive order (EO) 14028 sent shock waves through the cybersecurity community as the formerly abstract concept of Zero Trust suddenly became a mandate for federal agencies. On January 26, 2022, the Office of Management and Budget (OMB) signaled its alignment with the EO by releasing plans to implement a Zero Trust Architecture (ZTA). With nearly every industry being business-adjacent to the federal workspace, many executives find themselves Googling “Zero Trust” and its related buzzwords. These moves are a shrill warning that the familiar security practices of creating fortressed cyber perimeters are no longer sufficient.  

So what is a Zero Trust Architecture?

Simply put, it’s an approach to cybersecurity requiring continuous user validation. The idea is to protect your environment and sensitive data through network segmentation and robust authentication methods. These measures help prevent malicious—or negligent—actors from moving laterally within your organization to access sensitive data.

Some may have initially thought ZTA would be simply another add-on feature for their legacy security configuration. The framework, however, represents a paradigm shift that promises to drag enterprise operations kicking and screaming into a brave new world. The world has changed, and ZTA acknowledges the realities of modern business ecosystems. 


Today, critical business workflows mingle among virtual and containerized architectures, community source code, partner and public clouds, and a distributed workforce and customer base. The notion of establishing trust with a username and password or guarding a static perimeter is no longer realistic.

How does this impact CISOs and their teams?

In this three-part series, we will explore the challenges of implementing a ZTA, how to model its operational impact and how it can benefit your organization. 

Finding the new perimeter

At the heart of the ZTA framework is the concept that perimeters are not defined by static boundaries but by partitioning workflows. Enumerating the entities (users, assets, applications, data, exchanges, etc.) involved with business workflows has been a daunting task—even for modestly sized businesses with a focused set of workflows. And identifying the exceptional individuals, or unicorns, who have the technical or line-of-business expertise for this undertaking is no easier. 

Fortunately for medium and large businesses, there are some technological aids to the process, such as Cisco’s Tetration application, which uses deployed agents to provide telemetry data to define workflows and perform ZTA policy discovery. Whether you utilize traditional collaboration methods or a technology supplement, defining business workflows is an essential starting point for micro-segmentation and establishing micro-perimeters along your ZTA journey.

The new trust stack

It’s well established among security professionals that usernames and passwords alone are obsolete. While supplemental controls like multi-factor authentication are a modest improvement, they still do not satisfactorily resolve user impersonation.

ZTA takes a more comprehensive view of trust, which you can think of as a “trust stack.” The trust stack goes beyond identity management and network privileges by validating the device, connection, application use and interchange as well as rights to data stores. 

The initial workflow enumeration process mentioned earlier helps define rule sets that statically validate the trust stack. Still, dynamic and continuous validation processes are required to address other threats like session hijacking. This includes user and entity behavior analytics as well as machine learning and policy orchestration to manage complex rule sets. Palo Alto Networks is one vendor that has introduced new solutions and is working with NIST to refine and document requirements.
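To make the trust stack concrete, here is an added illustration (not SimSpace code, and not any vendor's policy engine) of a policy evaluator that checks every layer named above, identity, device, connection, application and data rights, on each request and re-runs the same checks when session signals change. The roles, applications and data classes are a constructed sample standing in for the rule set produced by workflow enumeration.

```python
"""Toy trust-stack policy evaluator (constructed example).

Access is the conjunction of all layers; any failing layer denies.
Because the same checks are re-run as session signals change, a session
that suddenly presents from a public network on an unmanaged device is
denied mid-session instead of being trusted on the strength of its login.
"""
from dataclasses import dataclass, replace


@dataclass
class Context:
    user: str
    mfa_verified: bool     # identity layer
    device_managed: bool   # device layer
    device_patched: bool   # device layer
    source_net: str        # connection layer, e.g. "corp-vpn" or "public"
    app: str               # application layer
    data_class: str        # data layer: "public", "internal", "restricted"


# Static rule set derived from workflow enumeration (constructed sample):
# which apps each role may use, and which data classes each app may touch.
USER_ROLE = {"alice": "analyst", "bob": "dba"}
ROLE_APPS = {"analyst": {"ticketing", "reports"}, "dba": {"reports", "db-admin"}}
APP_DATA = {"ticketing": {"public", "internal"},
            "reports": {"public", "internal"},
            "db-admin": {"public", "internal", "restricted"}}


def evaluate(ctx: Context) -> tuple:
    """Check every layer of the stack; return (allowed, list_of_failures)."""
    failures = []
    if not ctx.mfa_verified:
        failures.append("identity: MFA not verified")
    if not (ctx.device_managed and ctx.device_patched):
        failures.append("device: unmanaged or unpatched endpoint")
    # Restricted data may only be reached over the corporate connection.
    if ctx.data_class == "restricted" and ctx.source_net != "corp-vpn":
        failures.append("connection: restricted data requires corp-vpn")
    role = USER_ROLE.get(ctx.user)
    if role is None or ctx.app not in ROLE_APPS[role]:
        failures.append(f"application: {ctx.app} not permitted for role {role}")
    elif ctx.data_class not in APP_DATA[ctx.app]:
        failures.append(f"data: {ctx.app} may not touch {ctx.data_class} data")
    return (not failures, failures)


def reevaluate_session(initial: Context, **signal_changes) -> tuple:
    """Continuous validation: re-run the whole stack with updated signals."""
    return evaluate(replace(initial, **signal_changes))
```

Behaviour analytics and policy orchestration would feed the changed signals in; the evaluator itself stays a plain, auditable conjunction of layer checks.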

Understanding the impact of ZTA implementation

The transition from traditional network security practices to a ZTA is a complex undertaking. No business executive would consider implementing a ZTA directly into production—even in a monitoring-only mode. There are too many opportunities to disrupt critical business workflows, and paradoxically, the security gained is questionable until validated within an interactive environment. 

That’s why it’s critical to have a high-fidelity environment to model the impact of a ZTA on your unique production environment. Cyber range platforms are ideal for testing ZTA policies, modeling user behavior and accessing analytics.

Read Part II - Validating your Zero Trust Strategy to identify the right tools for the job.

Did you know that SimSpace can help validate your ZTA implementation and compliance posture? To find out more and request a demo of our ZTA validation capabilities, contact us at info@simspace.com

Blog by Bud Whiteman
Bud Whiteman serves as Lead Cyber Analyst at SimSpace, applying over 20 years of experience in risk management, cybersecurity risk assessment, business analysis and workforce development. Prior to his civilian career, Bud spent 20 years as a US Navy officer, attached to nuclear submarine operations and US Strategic Command. He holds an MS in Operations Research from the Naval Postgraduate School, and is a Certified FAIR™ practitioner for quantifying cyber risk.