“Begin with the end in mind.”

– Stephen Covey

Now that we understand why Zero Trust is so important and what it involves, let’s take a look at what success looks like for this (continuous) journey.

To be blunt, the world is littered with failed technology-related projects. You can confirm this with a quick internet search for “IT project failure rate” or ask any experienced colleague in your organization for a story about a failed technology project. Zero Trust is simply too important to get wrong. We can’t risk failing because of something we could have easily avoided.

This playbook series is designed to help you avoid failure in implementing Zero Trust by using proven models and applying best practices from real-world deployments of Zero Trust and other technology projects. This helps you avoid common causes of project failure, which are sometimes called antipatterns.

This chapter discusses...

“Good judgment comes from experience, and experience comes from bad judgment.”

– Fred Brooks

Let’s dive into how to avoid common pitfalls on the Zero Trust journey. These three success factors are based on direct Zero Trust experience and other large technology initiatives we have observed over the years. These three factors represent the hallmarks of successful initiatives and programs, factors that are typically weak or missing on failed projects.

These success factors are embedded into the fabric of the Zero Trust playbooks to make it easier for you to avoid common sources of friction and failure. We will directly or indirectly refer to many of these success factors and how they apply to business leaders, technical leaders, technical managers, architects, and technology practitioners.

The job is never done

It’s important to recognize that Zero Trust is a transformation to a dynamic state...

To ensure everyone is on the same page and moving in the same direction, it’s critical to have a clear strategy and plan to coordinate these efforts. This must be agile, must account for any unique aspects of your organization, and must be integrated into the organization’s operating model to sustain it and keep it on track.

Good news! You found this book series, which is designed to help you with building a clear strategy and plan!

This book series is structured into reference playbooks designed to guide each role on their part to play in Zero Trust. It includes the reference models, architectures, models, and strategies you need to pull this off. The playbooks include examples of how to integrate Zero Trust into different industries and organizational operating models and how to structure your Zero Trust operating model.

Tailoring the playbook to your organization and defining clear progress metrics will create clarity...

It’s critical to establish or reinforce key mindsets and cultural elements to shift security expectations and habits for stakeholders and roles across the organization. These go beyond the literal plan and create an invisible human fabric that helps everyone make similar decisions. This also helps people feel like they are on a common mission and work better together as they figure out this new world.

You can make partial progress on Zero Trust without the organization completely adopting these mindsets, but you will face greater organizational friction each step of the way. The effort will be slower, costlier, and less effective.

This section defines patterns of repeatable behaviors that lead to Zero Trust success and security agility. These patterns help guide organizations through cultural change and adapting to a Zero Trust culture by driving the right mindsets and cultural elements. Each of the following patterns...

I cannot solve problems that I don’t see or understand.

The third critical success factor that enables digital, cloud, and Zero Trust transformations to go smoothly is the use of human empathy—focusing on the human experience of the transformation.

We can’t overstate the importance of the human side of this simultaneous transformation. Managing the human experience of change within ourselves and within our teams is a critically important success factor for the following reasons:

• These transformations are made by people on your teams, and we all feel the impact of these transformations on our lives, jobs, careers, and more. Additionally, we are moving from static business processes (designed to be carried out by any qualified person in a role) to dynamic business processes where judgment calls and empathy are required to understand customers and their needs and ensure the organization is meeting them.
• Change...

In this chapter, we examined three key success factors to help avoid common causes of failures—having a clear strategy, security mindsets and cultural shifts, and human empathy. These help you avoid common antipatterns (common mistakes) seen in Zero Trust and other technology initiatives. Each playbook includes specific antipatterns to avoid—for business leaders, technical leaders, architects, and technical managers, and for IT and security practitioners.

Next up, in Chapter 8, Adoption with the Three-Pillar Model, we will describe how the three-pillar model helps you meet these success factors.