How we researched and built a Zero Trust technology
The paper "On the Design and Engineering of a Zero Trust Security Artefact" describes empirical validation through practitioner-oriented research, aimed at a better implementation of Zero Trust strategies, and how this validation was conducted in 2020 with 73 security practitioners. The paper was presented in 2021 in Vancouver.
The implementation of Zero Trust strategies explained
Adequately informing the board of directors about operational security effectiveness is cumbersome. The concept of Zero Trust (ZT) approaches information and cybersecurity from the perspective of the asset, or sets of assets, to be protected, and from the value that it represents.
Zero Trust has been around for quite some time. This paper builds on the authors' previous research examining Zero Trust approaches: what is lacking in terms of operationalization, which elements need to be addressed in future implementations and why, and how this requires empirical validation.
In the first part of the paper, we summarise the limitations of the state-of-the-art approaches and how these are addressed in the Zero Trust Framework developed by ON2IT ‘Zero Trust Innovators’. Then we describe the design and engineering of a Zero Trust artefact (dashboard) that addresses the problems at hand, according to Design Science Research (DSR).
The last part of the paper outlines the setup of an empirical validation through practitioner-oriented research, aimed at a better implementation of Zero Trust strategies, and how this validation was conducted in 2020 with 73 security practitioners.
The final result is a proposed framework and associated technology which, via Zero Trust principles, addresses multiple layers of the organization to grasp and align cybersecurity risks and understand the readiness and fitness of the organization and its measures to counter cybersecurity risks.