Approaches for Zero Trust Adoption Based upon Organization Security Level

  • Conference paper
Ubiquitous Security (UbiSec 2022)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1768)

  • 850 Accesses

Abstract

The “Trust but Verify” principle, which the majority of enterprises follow, needs to be revamped. It is agreed that the problems resulting from the “Trust but Verify” principle can be addressed using the Zero Trust principles alongside a risk-driven enterprise security approach. Despite its importance and increasing popularity, Zero Trust is still not widely adopted by organizations. This is because it is unclear how to adopt and enforce the principles and mechanisms behind Zero Trust. The majority of the work done in this space is industrial and is usually customized and scoped to address specific enterprise business requirements. We believe Zero Trust adoption must not be homogeneous across all types of organizations, nor should it be scoped to the component level. Rather, adoption should be carried out within an enterprise security architecture framework and should consider the security maturity of the organization. In this paper, we do not cover the mechanisms for implementing Zero Trust; rather, we propose, based on our practical experience, possible classifications of organization security maturity and various approaches for Zero Trust adoption. We then map the proposed Zero Trust adoption approaches to the classified organizations.

Author information

Correspondence to Muntaha Alawneh.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Cite this paper

Alawneh, M., Abbadi, I.M. (2023). Approaches for Zero Trust Adoption Based upon Organization Security Level. In: Wang, G., Choo, KK.R., Wu, J., Damiani, E. (eds) Ubiquitous Security. UbiSec 2022. Communications in Computer and Information Science, vol 1768. Springer, Singapore. https://doi.org/10.1007/978-981-99-0272-9_36

  • DOI: https://doi.org/10.1007/978-981-99-0272-9_36

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-0271-2

  • Online ISBN: 978-981-99-0272-9

  • eBook Packages: Computer Science, Computer Science (R0)
