It's that time of year: When folks make up their minds that things are going to change. The gym is full of new members who are eager to get into their journey toward some other semblance of better health, or a beach body, or some change that they desire. Others are in that annual state of looking at something that they want to change for the long haul and will probably wind up putting their "commitment" online somewhere. When you post it to Facebook, that makes it real, right...?
Also: The Tao of Zero Trust
That's not a bad thing. It's a great thing when a person decides to get healthier, and they contemplate what that means for their future. It is a good thing to think about what has changed, as another year has ticked off the clock, and we all look forward to seeing where things might get better. All of that is good.
However, when a cycle continues to repeat itself, it is not a "resolution." It is a "revolution." To continually do the same thing, think about change and allow the idea of what might be to roll around in our heads without putting those ideas into actionable steps, is where the "revolution" continues and, ultimately, nothing changes. Usually, by the end of January, mid-February at best, the lines of newly "committed" gymgoers are dwindling, and most of those other "resolutions" are quickly falling into the oblivion that is daily life. The everyday stuff gets in the way of what we all said had mattered enough for us to sit down and think about what we wanted to do differently. The task lists and emails and thousand other things whittle away at what could have been a year of difference-making steps, and the revolution continues. And on and on it goes.
I'm in the same boat as everyone else, by the way; this is not a sermon. Like most other folks, I, too, have decided on some things that I wanted to change, and I swore I was going to do that, and then life got in the way, and my plans slowly dissolved. Well, that used to be how I went about it -- until I got off the revolution cycle and made a few real resolutions. I had to change my way of even thinking about how I would approach the issues before I had a chance to do something about it. The items I decided to resolve to change were small, achievable, difficult, deeply personal changes that I needed to make. For a variety of reasons, some change in my life needed to happen. So, a few New Years ago, I sat down and put those goals on a piece of paper. I broke them out into line items that had reminders and time commitments tied to them, and I set up my phone and my calendar to remind me and prompt me twice a day to take small steps needed to move toward the final place that would mean I had gotten closer to my objective.
Have I completed all those tasks yet? Not entirely. (Some of them are lifelong changes that I am still working on.) Have I had setbacks and failures that, in a few instances, gutted me on a personal level where I was ready to give up? Yes. But that's how the process of change is -- it hurts, and it takes time. The goals one sets shouldn't be easy, and they also shouldn't be too big to get done, and you should remember this is going to hurt sometimes. If you approach these goals in any other manner, then it's a rarity when you achieve the end state you were looking for. Most of the time, you'll continue to ride the revolving wheel of "I'll do it later."
It's a new decade, and technology has finally caught up to a point where making a change in how we secure the infrastructure of the future is possible. Zero Trust is an achievable end state for an organization. But just like the changes that are desired around New Year's, a real resolution is required to make that end state possible. Planning, strategic decisions, and specific technical selections and solution alignment must be put in place. And a real commitment to the long term must be adopted, as well as an understanding that things will go awry that has to be part of that commitment. I have seen a lot of organizations over the last year that understand the value that can come from changing their strategic approach to how they build security into the core of their networks and systems. But only those organizations that are very specific and realistic in their understanding of how long it might take to dig themselves out of decades of less-than-optimal decision making are the ones that have the highest chance of success.
This is the decade to make changes -- changes in our approach to the problem itself and changes in how we think about the problem. Time, technology, and vendor tooling have finally met in the middle and are making those changes technically possible. All the components to make a Zero Trust infrastructure possible are out there on the market.
So, we can change and use a plan to make that change happen -- or we can talk about change, and we can let that opportunity slip away while we continue revolving... not resolving.
Principal Analyst Chase Cunningham wrote this post, and it originally appeared here.