Getting Zero Trust Right
By: Taylor Hersom, RSI, see the original article here RSItex.com/post/getting-zero-trust-right
Cloud 9 Advisers, Supplier Spotlight: Renaissance Systems, Inc.

A Brief History
The Case for Evolving Trust Security
- One Size Does Not Fit All
Arguably the most important point I will stress is that while advertisements show you can “adopt Zero Trust in minutes with our tool”, those marketing gurus are causing companies to put the proverbial cart before the horse. Even with incredible SaaS tools at your disposal, you still have to be extremely familiar with the implementation and all the nuances that stem from the process, such as certificate authority, device discovery, and inherent limitations. This requires members of your organization to take the time to understand Zero Trust, understand the variety of required tools, and figure out a launch strategy that doesn’t cripple your organization. Furthermore, while there are a variety of technical solutions on the market that claim ‘Zero Trust Security’ (e.g. Okta, Duo Security), this is only part of the puzzle. There are more components to the Zero Trust Model than those addressed by these Identity & Access Management (IAM) tools. Without this knowledge and expertise, your Zero Trust strategy will gain zero traction.
- Easy to Miss the Mark On Execution
Unfortunately, companies tend to fall into the pit of saying “let’s require every user to authenticate in three different ways every time they access any critical application”. Not only does this create a very difficult beast for your IT department to manage, but it also doesn’t even accomplish some of the biggest potential benefits of Zero Trust. This was the #1 reason RSI created the Evolving Trust framework, and the name says it all: we believe in incorporating deep monitoring/data analytics into the entire process so that checks and balances are strategically placed throughout a user’s access journey rather than just at the beginning. For example, when a user authenticates and meets our basic requirements (i.e. correct credentials, an appropriate device, relevant geo-location), we let them in. Next, we monitor those users and what they are trying to access. If they attempt to access any system/data we deem critical, then we require another authentication check. Finally, we keep an eye on the patterns of each user to detect anomalies in what/when/where they are accessing critical applications or data. This allows us to control the narrative for every user, every time, without creating huge inefficiencies in our organization.
- Employee Education is Even More Important Than Technology
Zero Trust is just another component of cyber security, and one of the biggest problems that security experts are facing is the fact that people LOVE to skirt rules. It’s human nature to make assumptions that we all know everything and we all deserve the best for ourselves, especially when some very nice Nigerian prince is trying to wire us FREE money. RSI discovered the hard way that this unfortunate mindset carries into the Zero Trust realm. The fact of the matter is, Zero Trust adds at least one extra step for every employee when they attempt to log in to a critical application by requiring Multi-Factor Authentication (MFA). This causes some people to lose their minds (especially those pesky developers who are obsessed with minimizing clicks), which creates a snowball effect down the road when they decide to adopt a shiny, new SaaS tool and choose not to tell anyone about it. What’s more, IT experts have developed a mindset that firewalls keep bad actors out and that they can inherently trust their environments. The same people who haven’t changed their server admin passwords in 4 years are now required to shift their mindset to the opposite end of the spectrum, which takes time. Your Zero Trust model is only as powerful as the IT people, processes, and technologies you are in control of, which is why RSI identified other strategies to counteract these risks in the form of discovery tools, monitoring, and data analytics.
- It Takes A Village Just to Manage A Village
Similar to the game of Monopoly, acquiring the esteemed Boardwalk space is only half the battle. You still have to enforce and manage your acquisition or the positive effects are moot. Zero Trust requires a SOC team to actively manage access, evaluate trust scores on a periodic basis, track new assets, and manage vulnerable endpoints (e.g. outdated OS, vulnerable applications). RSI treated our implementation as an opportunity to train our entire Technical Assistance Center (TAC) team, creating a squad of experts in the entire Zero Trust Management process and providing them the tools to scale this expertise to our clients. One of the biggest benefits of our Evolving Trust framework is that it requires a LOT less effort for our TAC team to manage access because we have automated many of the previously manual processes.
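The staged flow described under “Easy to Miss the Mark On Execution” (admit on basic requirements, require a second check for critical resources, then watch what/when/where for anomalies) can be expressed as a small policy function. This is an added example, not RSI's code; the resource names, country list, six-hour time buckets and the `Session`/`Baseline` types are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed policy values, constructed for this example.
CRITICAL = {"payroll-db", "prod-admin"}
ALLOWED_COUNTRIES = {"US", "CA"}

@dataclass
class Session:
    user: str
    creds_ok: bool
    device_ok: bool            # e.g. managed device with a supported OS
    country: str
    stepped_up: bool = False   # set after the second authentication check

@dataclass
class Baseline:
    seen: dict = field(default_factory=lambda: defaultdict(set))

    def novel(self, **attrs):
        """Return attribute names whose value is new for this user, then learn them."""
        new = [k for k, v in attrs.items() if self.seen[k] and v not in self.seen[k]]
        for k, v in attrs.items():
            self.seen[k].add(v)
        return new

def decide(s, resource, hour, baselines):
    """Return (decision, anomalies) for one access request."""
    # Stage 1: basic requirements checked at login.
    if not (s.creds_ok and s.device_ok and s.country in ALLOWED_COUNTRIES):
        return "deny", []
    # Stage 2: non-critical access passes; critical access needs a second check.
    if resource not in CRITICAL:
        return "allow", []
    if not s.stepped_up:
        return "step_up", []
    # Stage 3: compare what/when/where with this user's history of critical access.
    return "allow", baselines[s.user].novel(what=resource, when=hour // 6, where=s.country)

def demo():
    baselines = defaultdict(Baseline)
    s = Session("alice", True, True, "US")
    out = [decide(s, "wiki", 10, baselines), decide(s, "payroll-db", 10, baselines)]
    s.stepped_up = True
    out.append(decide(s, "payroll-db", 10, baselines))  # first sighting builds the baseline
    out.append(decide(s, "payroll-db", 11, baselines))  # matches the baseline
    s.country = "CA"
    out.append(decide(s, "prod-admin", 3, baselines))   # new what, when and where
    out.append(decide(Session("bob", True, False, "US"), "wiki", 9, baselines))
    return out
```

The anomaly list is returned alongside the decision so that a monitoring team can review it without blocking the user at that step.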
To learn more about Zero Trust and how RSI can help, please contact Cloud 9 Advisers.
RSI is a member of the Cloud 9 Supplier Portfolio
About RSI
- Automated solutions for business workflow
- AI solutions for data analytics
- Custom, managed IT services
- Exclusive distributor of CyberCompass™, automated cyber risk management
- Drone Services
