A lot of vendors sell Zero Trust solutions. Or do they? Most are based upon their own product line that existed before Zero Trust became a thing and have simply been adapted, and none of them are complete solutions. I work at a company that is 100% cloud based, no perimeter or VPN, an open-source BYOD background, with a 100% remote employee base. We use dozens of SaaS solutions as a company; we have hundreds of servers/containers/images, multiple cloud providers for our services; and we are growing exponentially.
We wanted to deploy Zero Trust solutions as there are many benefits from a security standpoint of doing so, but after looking at the landscape out there, we had to get extremely creative in how we deployed any solution. Our solutions are not for you–they are for us–but we learned a lot getting to the point we are at now. I’ll describe what has happened so far, what we plan to do next, what has worked and what has not, and cover some important lessons that we think might be beneficial to all those considering Zero Trust, or simply shoring up security in general since that is essentially what most of Zero Trust boils down to.