Optiv Zero Trust Assessment Best Practices

Matthew Lally, Technical Manager at Optiv, shows the assessment steps they use with clients to plot zero trust principles against a maturity and capabilities framework applied to key security domains, from authentication to containment and remediation, that can be used to assess and build your security strategy and action plan for the world of zero trust.


Hi, there. My name is Matthew Lally and I'm a technical manager at Optiv. I'm thankful to the Beyond Identity team for having me today. I'm here to talk a bit about Optiv's Zero Trust Readiness Assessment.

But first, let's establish some background. Zero trust is a security model that assumes every user, device, and network connection is potentially compromised, and therefore, requires verification before any access is granted. Passwordless authentication has become a very important component of this model as it offers more secure and user-friendly ways to access sensitive data and systems. 

This follows the nomenclature of never trust and always verify. But the question that typically comes to mind is, how do we get there? Optiv is the security solutions integrator, a one-stop trusted partner with a singular focus on cybersecurity.

And our zero trust framework is mainly focused on the how and the four core principles: micro-perimeters, identity context, enhanced security, and visibility. So for micro-perimeters, we're going to protect the asset at the asset. Identity context is using signaling and risk to drive context. Enhanced security is MFA, PKI, reduction of the information consumed throughout the systems, and visibility is maintenance, continuous monitoring, and continuous response.

So let's talk a bit about how Optiv assisted a leading oil and gas company in the industry to begin their zero trust journey. So, this particular client was having challenges around the need for remote access solutions, reducing VPN access and authorizing access to specific business assets in the organization, moving business-critical applications to a micro-segmented network, and providing more enhanced security to a critical set of applications.

So, leveraging the lifecycle solution approach, Optiv was able to conduct a zero trust security assessment and carried out the following steps: we reviewed and familiarized ourselves with the existing VPN and application ingress and egress points defined by the organization as is.

We defined policies for external and internal access to those critical applications that I mentioned. We deployed a zero trust solution to support both internal and external access with MFA integration, and we provided additional advisory services for further integration of zero trust elements and capability throughout the organization. 

So, expanding beyond this one particular use case. So the benefits that this client was able to reap from this were internal and external access provided through one single solution, reduced reliance on VPN for specific sets of users and access to specific assets, and then a successful proof of concept to enable them to roll out zero trust to the broader organization. 

So, we know that this concept of zero trust can be ambiguous for many organizations, especially ones that are in the early stages of adoption. But once we solidify the understanding of the principles that I mentioned before, we're able to drive improved customer experiences with concepts such as passwordless. You can really nail down your understanding of these concepts as a result of our Zero Trust Readiness Assessment.

Our zero trust security approach aims at taking organizations through a journey that involves the establishment and enhancement of capabilities across key security domains. Your zero trust journey can start with Optiv's assessment service, which helps you to develop and execute on the plan that we mentioned before. 

That plan can take shape in a few steps. Firstly, we'll assess and recommend, so we'll do baseline and periodic assessments to determine your organizational posture against zero trust requirements across those security domains. We will remediate and build. So, based on those current state assessments, we can remediate the identified gaps by executing on the maturity roadmap. 

And then we'll operate and optimize. We'll operate and continue to enhance the zero trust capabilities across those key security domains, and how they apply to the broader organization. There are case studies and a service brief that will be provided by the Beyond Identity team shortly after this session that can provide you with some insight as to how Optiv's Zero Trust Readiness Assessment can set your organization up for success.

Thank you very much.