Simplifying Security

Scale is the most important consideration as industry transforms information security and assurance across our supply chains. The transition to zero trust presents us with an opportunity to embrace network and security architectures that scale by centralizing the configuration and management of our systems, devices, and software. A focus on improving scale has the potential to not only improve security for organizations of all sizes but to also reduce the ongoing lack of qualified cybersecurity professionals. Scalable zero trust architectures can help to fully automate assurance with expected network and asset configurations, policies, and measurements. The approach minimizes individual security management tasks for both small organizations that may lack the necessary resources to achieve essential cyber hygiene as well as for large organizations that manage tens of thousands of systems. This paper proposes solutions to automate the foundations of a security program and thereby help organizations of any size to transition to zero trust at scale.