Zero trust cybersecurity: Critical success factors and A maturity assessment framework

Abstract

Zero trust cybersecurity is beginning to replace traditional perimeter-based security strategies and is being adopted by organizations across a wide range of industries. However, the implementation of zero trust is a complex undertaking, different from traditional perimeter-based security, and requires a fresh approach in terms of its management. As such, a clear set of critical success factors (CSFs) will help organizations to better plan, assess, and manage their zero trust cybersecurity. In response, we investigated the CSFs for implementing zero trust cybersecurity by conducting a three-round Delphi study to obtain the consensus from a panel of 12 cybersecurity experts. We built a multi-dimensional CSFs framework that comprises eight dimensions, namely identity, endpoint, application and workload, data, network, infrastructure, visibility and analytics, and automation and orchestration. Based on the CSFs, we developed a maturity assessment framework enabling organizations to evaluate their zero trust maturity. This paper contributes to a theoretical understanding of how to deploy zero trust from multiple dimensions and offers a viable guidance framework for organizations from a practical perspective. This paper is useful for organizational stakeholders who are in the process of planning, reviewing, or implementing zero trust cybersecurity.