Avoiding Zero-Trust Tool Fatigue
Reaching optimal zero-trust maturity doesn’t necessarily mean integrating as many tools as possible into your infrastructure. In fact, adding new tools without a strategy behind them can lead to tool fatigue, causing your zero-trust journey to stall.
Organizations in the middle of their zero-trust journeys moving toward optimal zero-trust maturity may ultimately find themselves at a crossroads where the path forward seems a bit unclear.
There are countless tools available to help organizations meet key priorities across the zero-trust framework — from identity and access management (IAM) to micro-segmentation, multifactor authentication (MFA) and more. But the breadth of tools, applications and gadgets available to address zero-trust priorities can make the next steps on the zero-trust maturity journey feel overwhelming.
Though these tools can help address critical security gaps, implementing additional tools into your environment can bring additional costs, risks and management challenges. For example, should your organization worry about one of your zero-trust tools being breached? Who in your organization will be responsible for managing that tool?
To avoid stagnation on your zero-trust journey, it’s important to ensure that your zero-trust strategy is aligned to your company goals, priorities, risks and culture before selecting or installing additional zero-trust tools.
What Zero-Trust Tools Are Available?
The zero-trust framework includes tools to support all of the Cybersecurity and Infrastructure Security Agency’s (CISA) guidance on building zero-trust strategies. Examples of these tools include:
- Identity and access management (IAM): Identity management solutions, single sign-on (SSO), multifactor authentication (MFA), conditional access and user lifecycle management.
- Devices: Mobile device management (MDM), mobile application management (MAM), endpoint security with threat detection and response capabilities.
- Networks: Web gateway security, firewalls and secure access service edge (SASE).
- Applications and workloads: Containerization services, data encryption and data protection.
- Data: Data security and analytics, and data loss prevention (DLP).
When beginning a zero-trust journey, it’s not uncommon for organizations to simply purchase several of these tools and hope that they improve their team’s security posture enough to reach optimal zero-trust maturity. In reality, adding a slew of new tools to your security environment without a strategy behind them leads to overwhelming management of infrastructure, or tool fatigue.
Avoiding Tool Fatigue
Tool fatigue typically occurs when organizations find themselves spending an inordinate amount of time managing their tools as opposed to focusing on key business priorities. When aligned to your business, your zero-trust toolset should help your organization become more agile — not slow you down.
Tool fatigue is especially prevalent in industries like manufacturing, which has seen a recent influx in convergence between IT and operational technology (OT).
Recently, a large manufacturing customer called on CDW to help them better manage their infrastructure as part of their zero-trust strategy. We discovered that this customer’s IT and OT teams acted as separate business centers within the company, with the OT side representing the “profit center” as the business segment responsible for material production, and the IT side representing the “cost center.” As our security experts began the discovery process, it became clear that the two segments of the business did not communicate with each other. In fact, we discovered that neither team had collaborated in over five years, as the OT team was reluctant to let IT interfere with their machinery.
As we investigated further, we found that the OT side of this business had no automation or alerts in place, and the IT team was busy managing a number of disparate zero-trust tools on their own.
Our security experts stepped in as mediators between these two teams and dug a little deeper. Through conversations with both teams, we found that the reason the OT team was reluctant to use IT tools within their systems was due to concerns over machinery shutdowns, as each hour of downtime or inactivity would cost the organization $300,000.
Rather than looking at IT integration as potential support for manufacturing production, this team was concerned about the risk of slowdown. We decided to solve both problems with one simple zero-trust solution: automated alerts to notify both teams of possible machinery shutdowns.
To keep both teams working together while ensuring that their systems were separate, we set up two different data management stacks segmented in the organization’s cloud. If a piece of machinery overheated or slowed down, an alert would be sent to the necessary team members.
With this minimal investment of time and resources, this organization become more efficient and more profitable, easily saving more than $300,000 in lost revenue — at the same time, making both teams a mutual profit center by avoiding the cost of machinery failure.
Communication and Collaboration Are Your Best Zero-Trust Tools
While the value of zero trust is different for every organization, there are no zero-trust tools that serve as a “magic bullet” for immediate maturity. Zero trust is an incremental process, and getting to optimal maturity requires a cultural shift in the way that organizations approach security.
For a zero-trust strategy to be effective, it must be fully integrated into your organization’s business objectives. When implemented correctly, zero trust is really a cultural behavior more than it is a collection of security tools. Members of your organization are the ones implementing zero-trust strategies — the tools they use are there to make that implementation easier.
For example, one question that may be on the minds of security leaders is, “What happens if my zero-trust tool is breached?” After all, inserting additional tools of any kind into your environment can potentially bring additional risks (like the Apache Log4j logging utility security issue, which provided a wakeup call for developers just two years ago).
If your organization is following best practices for zero-trust implementation, then the impact of potential breaches should already be minimal, as your data should be protected at all times. If a protocol is broken within the access pillar, for example, the necessary people should be alerted immediately to cut off access to data. The same is true for the identity pillar. Since access to data should already be limited across the board, a breach of the identity pillar via credential theft should be easily remediated, as privileged access management (PAM) tools should be used to immediately report on those sessions and respond in a timely manner.
The philosophy of zero trust assumes that anything that can be breached will be breached — so no one is to be trusted implicitly. Optimal zero-trust maturity means automating all the tools and policies at your disposal to ensure that if and when any tool within your environment is compromised, your most important assets are always secure.
What to Know Before Selecting Zero-Trust Tools
No matter where you are in your zero-trust journey, confirming that all teams have a deep understanding of zero-trust frameworks and the tools in your environment is essential. This will allow your organization to make genuinely educated decisions on tool selection to support your zero-trust strategy based on your specific risks.
The best way to avoid tool fatigue is to select tools that are well-integrated into your overall security strategy. Let’s say you’re part of the security team for a healthcare organization. Selecting a data loss prevention (DLP) tool may seem an obvious choice to protect your data, but without knowing where your data resides, blindly implementing this tool may unlock a cumbersome layer of complexity that slows down patient care in the process. Instead, the best practice would first be to understand where your data is located, get a hold of unstructured data and then build policies on top of that data before even considering a DLP tool.
A great way to ensure you’re getting the most value out of your zero-trust tools is with a rapid zero-trust maturity assessment. This assessment measures your organization’s IT environment against CISA’s Zero Trust Maturity Model standards while identifying security gaps and making actionable recommendations on closing them.
From there, a tools rationalization workshop will help identify the tools you have in your stack today and the steps your organization needs to take to optimize them. This process includes stakeholders from your networking, data center and security teams who work together to help make your current tools across all business units more efficient by ensuring that they’re all working together.
With a well-defined strategy in place across all members of your organization, you can rest assured that the zero-trust tools you select will help you improve security and efficiency as you reach optimal zero-trust maturity — without slowing down operations.
Cortex XDR provides full visibility across endpoint, network and cloud; threat detection across all data sources with integrated threat intel.
