The term “eat your own dog food” gets tossed around in the security/cyber industry regularly. Most of the time this phrase is pointed at vendors that are selling a solution. The point being made by the potential buyer is, “If a vendor won’t use its own stuff, why would I buy it to help me secure my enterprise?” A fair question. And one that I personally think needs to be made in reference to our positioning on Zero Trust.

Forrester has been preaching the gospel of Zero Trust for years. It is time we moved from theory to practice, and to do that, I intend to eat my own dog food on Zero Trust.

Of 400-plus inquiries in the last year on the topics of Zero Trust and ZTX, about 75% of them had some note within that asked “Where do we start” or “How do we do this?” Great points to make, and in the course of 2018, the response was usually around strategy and a discussion on the theory and concept of the application of ZT and ZTX to an enterprise.

To answer those initial questions with more practicality, we are endeavoring on the following in 2019.

Our team will build out sample virtual environments to demonstrate practical deployments of Zero Trust using a variety of solutions for secure access, microsegmentation, monitoring, network security, device security, etc.

Our “Versions” Of This Build Will Be Initially Focused On Two Approaches

  1. An open source build, in which the construct is configured with open source tools and seeks to be as aligned with Zero Trust as possible while having almost no real expense. For this we will use a variety of open source tooling and will work to make the infrastructure technically synergistic with Zero Trust tenets, without any real-world costs associated with the procurement of solutions.
  2. A vendor-enabled build, in which our team will solicit for a variety of vendor solutions from those select vendors that have been/are mentioned in past reports, inquiries, and have Forrester mindshare as related to being noted as Zero Trust enablers. Those solutions will be placed in operation in our live virtual infrastructure and will be configured with support from the vendor community.
  3. The entirety of our constructed reference architectures will be hosted by our partners at HyperQube. This virtual infrastructure development platform allows Forrester to build, copy, deploy, and share our sample networks using only a web link. HyperQube is a vendor-neutral solution and is functioning as the platform we use to design and deploy our virtual infrastructures within.

The Outcome Of This Whole Exercise Is Aimed At Producing

  • For vendors and end users, we will provide feedback and some media coverage (e.g., blogs, social media posts, etc.) regarding our experiences deploying the solution (e.g., how their support works, where there are issues, etc.)
  • Follow on written research stemming from the initiative, we are currently planning a report tentatively titled “Building Zero Trust Infrastructures” for the second half of 2019. We may also write shorter reports throughout the year and next year providing sample ZT architectures for specialized scenarios, industries, or unique combinations of solutions, and, in the future, an example of compliance-focused infrastructure builds.
  • We will not be comparing and contrasting vendor solutions, nor will we rate the vendor solutions in any way in any of the written research as a result of this endeavor. This exercise is focused entirely on practical application of tooling and technology to solve the problem of enabling Zero Trust, and in no way do we plan to produce a rating of any solutions. This is about use, not measurement.

Our Sincere Hope For This Effort Is That Those Who Seek Real-World Deployments Or Have Questions On Enabling Zero Trust Will Benefit From This Initiative

  • Enterprise clients will gain concrete examples of Zero Trust deployments.
  • Forrester will be working to write in-depth research and best practices from hands-on deployments and in real-world use cases.
  • Vendors will be able to demonstrate their Zero Trust capabilities and receive practical feedback in a functional virtual network.

Time to get to it and start eating our own dog food, one spoon at a time.