Zero Trust

Zero Trust
In terms of ZeroTrust and organizations building out their environments in such a way that makes sense and minimizes risks. As a medium to large enterprise, are you satisfied with your progress to date? To riff a bit more on this topic , NIST 800-207 is a good read, it covers both greenfield and continuous improvement ZeroTrust scenarios. Similar to data compliance, I think most of us never experience greenfield.

Top Answer: To put it in context... 7 years in and our SINGLE-SIGNON conversion effort is still executing, still converting sites and applications.  We will never reach the end of the pipeline because we keep acquiring another companies, and they always have a lot of legacy apps.  Zero-Trust will probably go the same way, we won't ever have "Greenfield", but then the company has been in existence for over 100 years.

Related Tags
Thoughts on cybersecurity mesh architecture (CSMA)? Is it just a new buzzword or a genuine step up from Zero Trust and SASE?

Top Answer: The idea has a lot of merit. If you can consider your security strategy to be  puzzle pieces fitting together, rather than overlapping silos, there is much to be gained. Between better analytics, using "best in class" products specifically for their niche, and having the freedom to plug in solutions from various vendors, the idea seems really appealing on paper. I think it remains to be seen how the implementation will work, but much as we pushed for open APIs from vendors, having the ability to integrate your tools together to leverage them in a way that suits your use case the best, will be a market differentiator for a lot of products.