By David Nicholls, Cloud Engineer
You’ve likely heard the term “Zero Trust”; the term and its founding principles have existed for at least two decades. If you’re reading this and haven’t read NIST SP 800-207, read it! It’s a short read at 59 pages and packed with principles, guidelines, and examples that individuals and organizations should already be practicing.
As a business, you’ve likely briefed employees on the idea and practice of zero trust, but does everyone in your organization truly understand it and why it’s important to everyone? Have your employees, especially those charged with building, applying, monitoring, and auditing, read Zero Trust documentation, and make sure they understand the content.
Your organization may still be struggling with the application of these principles from a cultural and logistical perspective; however, everyone involved should have a fundamental understanding of the overarching goal. Applying security without planning can lead to unintended consequences in the form of outages, overexposure, and even data leakage.
It’s up to the organization to provide employees with a roadmap of how zero trust is being adopted and to ensure a fundamental level of understanding. However, it is up to every individual within the realm of technology to maintain a personal level of responsibility and accountability.
Please take some time to add NIST SP 800-207 to your reading list, as it is well-structured and easy to follow and understand. You’ll likely find it easy to implement from a personal and technical perspective in your daily duties.