Everybody’s talking about Zero Trust (ZT). Even the White House issued an executive order to start implementing Zero Trust. Many technology manufacturers position their products as enabling or fulfilling ZT requirements. ZT focuses on eliminating trust in the digital network, verifying all traffic, and segmenting the environment. Enforcing a strict access and verification policy on every service, user, or application keeps bad actors from gaining unauthorized access to systems. This paper continues the authors' previous research examining Zero Trust approaches. It defines the core problems of vendor promises, which cause information asymmetry that impedes the understanding and successful implementation of Zero Trust. We start with a description of Zero Trust and continue with practical lessons gathered from six expert interviews with a collective experience of over 50 years implementing Zero Trust in diverse settings. The paper finishes by providing concrete guidance and examples that practitioners can consider when implementing Zero Trust.