Start with an Effective Proposal <\/h3>\n\n\n\nThe proposal can make or break a Zero Trust program. With the right messaging, it can cultivate strong buy-in among leadership that trickles down to end users and spans the entire length of the Zero Trust program. A compelling proposal should include the following elements:<\/p>\n\n\n\n
The benefits of Zero Trust security. <\/strong><\/p>\n\n\n\n
Leaders are focused on reaching their goals and supporting their bottom line: orient your proposal around the benefits and impacts of a Zero Trust implementation<\/a> to keep it relevant to leadership. <\/p>\n\n\n\n
Hard numbers<\/strong><\/p>\n\n\n\n
Competitor activity <\/strong><\/p>\n\n\n\n
News stories and anecdotes of breaches. <\/strong><\/p>\n\n\n\n
Give examples of real breaches that have occurred<\/a> \u2014 especially those where the victim was similar in size, industry, or security practices to your organization \u2014 to underscore the seriousness of your risk. <\/p>\n\n\n\n
Risk formulas<\/strong><\/p>\n\n\n\n
Offer Strategic Training<\/h3>\n\n\n\nA Zero Trust program will almost certainly require some level of training, whether to introduce employees to new initiatives or to teach IT how to manage new tools.<\/p>\n\n\n\n
Strategic Training Best Practices<\/h4>\n\n\n\n
Leverage training documentation. <\/strong><\/p>\n\n\n\n
Training documentation makes information readily available and prevents time-consuming repeat sessions. Training documentation can take the form of:<\/p>\n\n\n\n
Collateral.<\/strong> <\/p>\n\n\n\n
Written documentation, diagrams, and other collateral can act as helpful reference guides available on demand. Some tool providers offer their own education material \u2014 check for any training or certifications they offer before creating your own.<\/p>\n\n\n\n
Recorded training sessions.<\/strong><\/p>\n\n\n\n
Record all in-person training sessions. This prevents the instructor from having to repeat sessions and creates another form of on-demand documentation. <\/p>\n\n\n\n
Community forums.<\/strong> <\/p>\n\n\n\n
Community forums or similar spaces \u2014 like a Slack channel for the IT department \u2014 allow your team to help one another. This can prevent mistakes, encourage on-the-job learning, and reduce the number of questions that need to escalate to leadership. It also becomes a self-writing repository of common questions and answers over time. <\/p>\n\n\n\n
Demonstrate new tools and UIs.<\/strong><\/p>\n\n\n\n
Leverage screenshots, screen recordings, demos, and hands-on workshops to get people comfortable with a new process or a tool\u2019s interface.<\/p>\n\n\n\n
Use a variety of training methods.<\/strong> <\/p>\n\n\n\n
People learn in different ways. Reach more people and help them better retain information by diversifying training materials and methods: written documents, recorded video, and hands-on demonstrations are great media types to start with.<\/p>\n\n\n\n
Explain Zero Trust security’s benefits. <\/strong><\/p>\n\n\n\n
Communicate that adopting Zero Trust best practices helps keep everyone\u2019s identities and data safe and streamlines their day-to-day experience with better, more user-friendly technology. This will help encourage active learning and adoption.<\/p>\n\n\n\n
Make it easy to find help.<\/strong> <\/p>\n\n\n\n
Make sure employees know where and who to go to for help, and keep those resources easily available and responsive. Also encourage employees to seek help from one another, and consider asking a few well-versed employees to be a point of contact for other employees\u2019 questions to minimize issue escalation.<\/p>\n\n\n\n
Take feedback. <\/strong>Incorporate surveys or other means of feedback collection into your training to refine it over time.<\/p>\n\n\n\n
Communicate with the Organization<\/h3>\n\n\n\nLeaders, stakeholders, IT, and end users should be aware of Zero Trust principles and best practices. Communicate best practices through clear training and documentation, and err on the side of over-communicating; repetition will help people internalize the message.<\/p>\n\n\n\n
In addition, leaders and IT should be aware of the Zero Trust program\u2019s trajectory and be kept up to date on implementation progress. This will help retain buy-in and encourage a trickle-down security culture. <\/p>\n\n\n\n
Forrester released a Practical Guide to a Zero Trust Implementation<\/a>, which details how to construct a Zero Trust roadmap that breaks your Zero Trust journey into achievable milestones. Consult this guide to create your own roadmap so that the organization can remain unified around the program\u2019s goals, benchmarks, and progress. <\/p>\n\n\n\n
Understand Your Environment and Users<\/h3>\n\n\n\nA successful Zero Trust implementation must accommodate your environment and users. However, IT work is often independent and highly focused, and it\u2019s not uncommon for IT teams to fall into a bit of an isolated work pattern. <\/p>\n\n\n\n
While this may help with teams\u2019 productivity and focus, it can cause IT teams to lose some context and nuance in their work. These oversights can have drastic consequences.<\/p>\n\n\n\n
For example, integrating your collaboration platform into your single sign-on (SSO) solution<\/a> might not seem like a big deal, but if sales teams don\u2019t receive enough notice, it could cause confusion and lock them out of sales calls. <\/p>\n\n\n\n
Cultivate a Security Culture<\/h3>\n\n\n\nCulture doesn\u2019t change overnight; however, it\u2019s a significant factor in Zero Trust adoption. In organizations with strong security cultures, everyone understands what <\/em>they should do and why<\/em>. <\/em><\/p>\n\n\n\n
They also feel a sense of accountability: security is everyone\u2019s responsibility. Demonstrate these values in training and in practice, make sure security awareness training includes communication around risk, and assign training to everyone <\/em>\u2014 not even leaders should be exempt.<\/p>\n\n\n\n
Demonstrate the Usability Wins<\/h4>\n\n\n\nZero Trust offers user-friendly benefits at the leadership, IT, and user level. For leaders, IT can configure conditional access policies to allow them to skip multi-factor authentication (MFA)<\/a> in secure locations, for example. Users, too, benefit from easier authentication and reduced password usage, among other advantages. <\/p>\n\n\n\n
For IT, a Zero Trust architecture provides improved visibility and reporting, more intuitive controls, and more reliable security \u2014 all of which make IT\u2019s job easier. Additional wins include the ability to manage Bring-Your-Own-Device (BYOD)<\/a> environments with mobile device management (MDM)<\/a> tools, unifying operations across work-from-anywhere environments, and cutting down on helpdesk tickets by reducing friction. Learn more in Does BYOD Fit Into a Zero Trust Security Strategy?<\/a>
<\/p>\n\n\n\n
Common Barriers to Buy-In<\/strong><\/h2>\n\n\n\nZero Trust Misconceptions or Skepticism<\/h3>\n\n\n\nUsers often misunderstand \u201cZero Trust\u201d to mean that they are not trusted, which can create resistance or resentment toward a Zero Trust program, hindering user adoption. <\/p>\n\n\n\n
Similarly, IT teams and leadership sometimes assume Zero Trust is just a buzzword or a problem for Fortune 500 companies rather than small and medium-sized enterprises (SMEs). However, this is far from the truth: SMEs are targeted at almost the same rate<\/a> as large companies, and Zero Trust is critical to protecting them<\/a>.<\/p>\n\n\n\n
Solved: Clear Communication and Training<\/h4>\n\n\n\n
Being aware of these common misconceptions can help you tailor your training and communication to address them head-on. Check out the blog, The Top 5 Zero Trust Myths, Clarified<\/a>, for inspiration on messaging around clarifying misconceptions. <\/p>\n\n\n\n
Shadow IT<\/h3>\n\n\n\n
Shadow IT<\/a> is a significant barrier to adoption: users turn to alternative solutions when the Zero Trust resources they\u2019ve been given can\u2019t do what they need them to.\u00a0<\/p>\n\n\n\n
Aside from the security risks of unmanaged accounts inputting and accessing corporate data, these shadow resources can wreak havoc on identity and access management (IAM)<\/a> and directory systems with multiple identities, siloed data in a shadow resource, and conflicting user data.\u00a0<\/p>\n\n\n\n
Note:<\/strong> \nLooking to combat shadow IT in your organization? Learn more about how JumpCloud compares against Intune for shadow IT discovery<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Solved: Prevent Where Possible<\/h3>\n\n\n\nWhile shadow IT isn\u2019t always preventable, it can be minimized with:<\/p>\n\n\n\n
Shadow IT awareness training<\/strong><\/p>\n\n\n\n
Many employees don\u2019t understand what shadow IT is or its security consequences. Shadow IT awareness training should be part of your organization\u2019s larger security awareness program. <\/p>\n\n\n\n
Open communication with IT<\/strong><\/p>\n\n\n\n
Users are more likely to turn to outside sources when they can\u2019t easily obtain help or make requests. Clarify the process for making requests or sending feedback to IT, and ensure IT is able to deliver timely responses and review feedback regularly. <\/p>\n\n\n\n
Focus on the employee experience<\/strong><\/p>\n\n\n\n
<\/strong>Make sure the IT stack accomplishes what departments and users need it to \u2014 and that they do so fairly seamlessly. Both the absence of tool functionality and complicated or high-friction tools can lead users and departments to seek alternative solutions. <\/p>\n\n\n\n
Keep a pulse on what\u2019s working and what isn\u2019t by conducting surveys and keeping IT communication channels open, easily accessible, and responsive.<\/p>\n\n\n\n
Solved: Eliminate or Legitimize When It Occurs<\/h3>\n\n\n\nWhile shadow IT prevention is important, it\u2019s not effective on its own. Shadow IT is essentially guaranteed to occur in an organization. Thus, just like cyber threats, IT teams must assume shadow IT will <\/em>occur and plan for the when<\/em>, not the if<\/em>.<\/p>\n\n\n\n
Elimination<\/strong><\/p>\n\n\n\n
<\/strong>When shadow resources don\u2019t comply with IT or compliance requirements, stop their usage \u2014 either by communicating with users or blocking access. However, note that these resources were likely solving a real business problem; talk with users and departments to determine what needs the shadow resource fulfilled to find alternative compliant solutions for them.<\/p>\n\n\n\n
Legitimization<\/strong><\/p>\n\n\n\n
When shadow resources add value and can comply with IT requirements, legitimize them by merging their identities with your IAM tool or directory, streamlining licensing costs, and developing best practices for their usage. <\/p>\n\n\n\n
Technology Literacy and Adoption<\/h3>\n\n\n\nUnfamiliarity with Zero Trust tools and processes or a resistance to change can create barriers to adoption. While a refusal to incorporate Zero Trust practices is a clear roadblock, the lack of literacy around Zero Trust \u2014 whether at the leader, IT, or employee level \u2014 creates barriers that are just as challenging to overcome. <\/p>\n\n\n\n
End users that struggle to adopt Zero Trust practices tend to cause frequent errors and circumvention, both of which work against a smooth Zero Trust rollout. <\/p>\n\n\n\n
IT teams without sufficient certification and training around Zero Trust security and its supporting technology can\u2019t properly uphold and manage a Zero Trust architecture, causing breakdowns over time.<\/p>\n\n\n\n
Solved: Implement Training and a Security Culture<\/h4>\n\n\n\n
Fortunately, this challenge can be largely addressed with clear and effective training. In addition, cultivating a culture of security will help people internalize and retain Zero Trust messages and best practices. <\/p>\n\n\n\n
Solved: Demonstrate the Benefits of Adoption<\/h3>\n\n\n\n
In addition to training and cultivating the right culture, make sure users, leadership, and IT understand the benefits of Zero Trust: <\/p>\n\n\n\n
Users have a more seamless experience while trusting their personal data is adequately protected.<\/p>\n\n\n\n
Leadership experience the same usability wins that end users do. In addition, they\u2019re adopting a security program that\u2019s more competitive and effective against breaches, improving overall business viability and protecting their bottom line. <\/p>\n\n\n\n
IT personnel enjoy similar usability wins from the administrative side: from better visibility to easier-to-use tools, they\u2019ll experience a more streamlined day to day with Zero Trust. In addition, Zero Trust training is a chance to hone their skills in technology that\u2019s becoming more and more popular among businesses, making them more competitive from a personal career standpoint.<\/p>\n\n\n\n
Simplify Zero Trust Security<\/strong><\/h2>\n\n\n\nOver-complication is the antithesis of easy adoption. To further explore how you can streamline your Zero Trust initiative for users, IT, and leadership, visit JumpCloud\u2019s Zero Trust resource library <\/a>\u2014 a space dedicated to providing IT professionals the tools they need to keep security clear, straightforward, and achievable.<\/p>\n","protected":false},"excerpt":{"rendered":"
Leaders, stakeholders, IT, and end users should be aware of Zero Trust principles and best practices. Communicate best practices through clear training and documentation, and err on the side of over-communicating; repetition will help people internalize the message.<\/p>\n\n\n\n
In addition, leaders and IT should be aware of the Zero Trust program\u2019s trajectory and be kept up to date on implementation progress. This will help retain buy-in and encourage a trickle-down security culture. <\/p>\n\n\n\n
Forrester released a Practical Guide to a Zero Trust Implementation<\/a>, which details how to construct a Zero Trust roadmap that breaks your Zero Trust journey into achievable milestones. Consult this guide to create your own roadmap so that the organization can remain unified around the program\u2019s goals, benchmarks, and progress. <\/p>\n\n\n\n
Understand Your Environment and Users<\/h3>\n\n\n\nA successful Zero Trust implementation must accommodate your environment and users. However, IT work is often independent and highly focused, and it\u2019s not uncommon for IT teams to fall into a bit of an isolated work pattern. <\/p>\n\n\n\n
While this may help with teams\u2019 productivity and focus, it can cause IT teams to lose some context and nuance in their work. These oversights can have drastic consequences.<\/p>\n\n\n\n
For example, integrating your collaboration platform into your single sign-on (SSO) solution<\/a> might not seem like a big deal, but if sales teams don\u2019t receive enough notice, it could cause confusion and lock them out of sales calls. <\/p>\n\n\n\n
Culture doesn\u2019t change overnight; however, it\u2019s a significant factor in Zero Trust adoption. In organizations with strong security cultures, everyone understands what <\/em>they should do and why<\/em>. <\/em><\/p>\n\n\n\n
They also feel a sense of accountability: security is everyone\u2019s responsibility. Demonstrate these values in training and in practice, make sure security awareness training includes communication around risk, and assign training to everyone <\/em>\u2014 not even leaders should be exempt.<\/p>\n\n\n\n
Demonstrate the Usability Wins<\/h4>\n\n\n\nZero Trust offers user-friendly benefits at the leadership, IT, and user level. For leaders, IT can configure conditional access policies to allow them to skip multi-factor authentication (MFA)<\/a> in secure locations, for example. Users, too, benefit from easier authentication and reduced password usage, among other advantages. <\/p>\n\n\n\n
For IT, a Zero Trust architecture provides improved visibility and reporting, more intuitive controls, and more reliable security \u2014 all of which make IT\u2019s job easier. Additional wins include the ability to manage Bring-Your-Own-Device (BYOD)<\/a> environments with mobile device management (MDM)<\/a> tools, unifying operations across work-from-anywhere environments, and cutting down on helpdesk tickets by reducing friction. Learn more in Does BYOD Fit Into a Zero Trust Security Strategy?<\/a>
<\/p>\n\n\n\n
Common Barriers to Buy-In<\/strong><\/h2>\n\n\n\nZero Trust Misconceptions or Skepticism<\/h3>\n\n\n\nUsers often misunderstand \u201cZero Trust\u201d to mean that they are not trusted, which can create resistance or resentment toward a Zero Trust program, hindering user adoption. <\/p>\n\n\n\n
Similarly, IT teams and leadership sometimes assume Zero Trust is just a buzzword or a problem for Fortune 500 companies rather than small and medium-sized enterprises (SMEs). However, this is far from the truth: SMEs are targeted at almost the same rate<\/a> as large companies, and Zero Trust is critical to protecting them<\/a>.<\/p>\n\n\n\n
<\/p>\n\n\n\n
Zero Trust Misconceptions or Skepticism<\/h3>\n\n\n\nUsers often misunderstand \u201cZero Trust\u201d to mean that they are not trusted, which can create resistance or resentment toward a Zero Trust program, hindering user adoption. <\/p>\n\n\n\n
Similarly, IT teams and leadership sometimes assume Zero Trust is just a buzzword or a problem for Fortune 500 companies rather than small and medium-sized enterprises (SMEs). However, this is far from the truth: SMEs are targeted at almost the same rate<\/a> as large companies, and Zero Trust is critical to protecting them<\/a>.<\/p>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/){kind=icon}
<\/p><\/div>Looking to combat shadow IT in your organization? Learn more about how JumpCloud compares against Intune for shadow IT discovery<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Solved: Prevent Where Possible<\/h3>\n\n\n\nWhile shadow IT isn\u2019t always preventable, it can be minimized with:<\/p>\n\n\n\n
Shadow IT awareness training<\/strong><\/p>\n\n\n\n
Many employees don\u2019t understand what shadow IT is or its security consequences. Shadow IT awareness training should be part of your organization\u2019s larger security awareness program. <\/p>\n\n\n\n
Open communication with IT<\/strong><\/p>\n\n\n\n
Users are more likely to turn to outside sources when they can\u2019t easily obtain help or make requests. Clarify the process for making requests or sending feedback to IT, and ensure IT is able to deliver timely responses and review feedback regularly. <\/p>\n\n\n\n
Focus on the employee experience<\/strong><\/p>\n\n\n\n
<\/strong>Make sure the IT stack accomplishes what departments and users need it to \u2014 and that they do so fairly seamlessly. Both the absence of tool functionality and complicated or high-friction tools can lead users and departments to seek alternative solutions. <\/p>\n\n\n\n
Keep a pulse on what\u2019s working and what isn\u2019t by conducting surveys and keeping IT communication channels open, easily accessible, and responsive.<\/p>\n\n\n\n
Solved: Eliminate or Legitimize When It Occurs<\/h3>\n\n\n\nWhile shadow IT prevention is important, it\u2019s not effective on its own. Shadow IT is essentially guaranteed to occur in an organization. Thus, just like cyber threats, IT teams must assume shadow IT will <\/em>occur and plan for the when<\/em>, not the if<\/em>.<\/p>\n\n\n\n
Elimination<\/strong><\/p>\n\n\n\n
<\/strong>When shadow resources don\u2019t comply with IT or compliance requirements, stop their usage \u2014 either by communicating with users or blocking access. However, note that these resources were likely solving a real business problem; talk with users and departments to determine what needs the shadow resource fulfilled to find alternative compliant solutions for them.<\/p>\n\n\n\n
Legitimization<\/strong><\/p>\n\n\n\n
When shadow resources add value and can comply with IT requirements, legitimize them by merging their identities with your IAM tool or directory, streamlining licensing costs, and developing best practices for their usage. <\/p>\n\n\n\n
Technology Literacy and Adoption<\/h3>\n\n\n\nUnfamiliarity with Zero Trust tools and processes or a resistance to change can create barriers to adoption. While a refusal to incorporate Zero Trust practices is a clear roadblock, the lack of literacy around Zero Trust \u2014 whether at the leader, IT, or employee level \u2014 creates barriers that are just as challenging to overcome. <\/p>\n\n\n\n
End users that struggle to adopt Zero Trust practices tend to cause frequent errors and circumvention, both of which work against a smooth Zero Trust rollout. <\/p>\n\n\n\n
IT teams without sufficient certification and training around Zero Trust security and its supporting technology can\u2019t properly uphold and manage a Zero Trust architecture, causing breakdowns over time.<\/p>\n\n\n\n
Solved: Implement Training and a Security Culture<\/h4>\n\n\n\n
Fortunately, this challenge can be largely addressed with clear and effective training. In addition, cultivating a culture of security will help people internalize and retain Zero Trust messages and best practices. <\/p>\n\n\n\n
Solved: Demonstrate the Benefits of Adoption<\/h3>\n\n\n\n
In addition to training and cultivating the right culture, make sure users, leadership, and IT understand the benefits of Zero Trust: <\/p>\n\n\n\n
Users have a more seamless experience while trusting their personal data is adequately protected.<\/p>\n\n\n\n
Leadership experience the same usability wins that end users do. In addition, they\u2019re adopting a security program that\u2019s more competitive and effective against breaches, improving overall business viability and protecting their bottom line. <\/p>\n\n\n\n
IT personnel enjoy similar usability wins from the administrative side: from better visibility to easier-to-use tools, they\u2019ll experience a more streamlined day to day with Zero Trust. In addition, Zero Trust training is a chance to hone their skills in technology that\u2019s becoming more and more popular among businesses, making them more competitive from a personal career standpoint.<\/p>\n\n\n\n
While shadow IT prevention is important, it\u2019s not effective on its own. Shadow IT is essentially guaranteed to occur in an organization. Thus, just like cyber threats, IT teams must assume shadow IT will <\/em>occur and plan for the when<\/em>, not the if<\/em>.<\/p>\n\n\n\n
Elimination<\/strong><\/p>\n\n\n\n
<\/strong>When shadow resources don\u2019t comply with IT or compliance requirements, stop their usage \u2014 either by communicating with users or blocking access. However, note that these resources were likely solving a real business problem; talk with users and departments to determine what needs the shadow resource fulfilled to find alternative compliant solutions for them.<\/p>\n\n\n\n
Legitimization<\/strong><\/p>\n\n\n\n
When shadow resources add value and can comply with IT requirements, legitimize them by merging their identities with your IAM tool or directory, streamlining licensing costs, and developing best practices for their usage. <\/p>\n\n\n\n