How to Implement Zero Trust in 3 Stages

Kapil Raina - October 24, 2023

Zero Trust can be challenging to implement due to complexity of the technology stack, cross departmental organizational challenges, and mapping out a process for budgeting and execution.

Although each organization’s needs are unique, CrowdStrike offers the following recommendations to move Zero Trust along a journey of maturity based on your needs and priorities:

3 stages of the zero trust maturity journey

Stage 1: Visualize

In this stage, the intent is to understand all of the resources, their access points, and the risks involved. In the NIST framework, this is a continuous process as resources will change both in terms of availability, risk, and importance.

Key Goals:

  • See all entities (identities, workloads, endpoints)
  • Understand vulnerabilities or risks for all entities to see the attack path and key resources to defend

Best Practices:

  • Avoid gaps in visibility, especially when dealing with various business units, M&A scenarios, and multi-cloud implementations (Azure, GCP, AWS, etc…).
  • Avoid identity store gaps when using multiple identity providers (AD, Entra ID, SSO, etc…)
  • Look at threats/risks against the entire Identity Store (e.g. protocol NTLM and relay attacks or Golden Ticket attacks on AD) as they compromise your entire environment very quickly
  • Looking at all entities regardless of location or owner (endpoints, workloads, humans, workloads, apps, etc..). For example, service accounts can easily be overlooked – and most will bypass additional validation (i.e. MFA or audit). Workloads (and containers) are also critical to examine since attack vectors can bypass endpoints and start at workload via privileged users.


The Complete Guide to Frictionless Zero Trust

Download the white paper to learn about frictionless zero trust and the key principles of the NIST 800-207 framework.

Download Now

Stage 2: Mitigate

In this stage, an organization is ready to detect and stop threats or mitigate impact of the breach in case a threat cannot be immediately stopped. NIST calls out automation and orchestration as this is critical for real-time detection and response.

Key Goals:

  • Real-time threat mitigation and policy response looking at mitigation at each component (endpoint, workload, identity, etc..)
  • Incorporate behavioral analytics to detect threats such as
    • Insider threats
    • Takeover of legitimate credentials
  • Limit breach impact with segmentation and least privileged principles

Best Practices:

  • Minimize operational overhead due to security policy updates by
    • Using identity based segmentation (vs. legacy way of using network and app segmentation that can change frequently)
    • Incorporating a policy model for both security and compliance/corporate needs easily
    • Need to test and ensure policy is “ready” before deploying
  • Threat detection thresholds and false positives
    • Risk analysis based on static and dynamic factors
    • Extend context with additional informational sources (including from legacy systems and SSO credentials systems)
    • Have actionable information even as ML models are learning (eg. static AD info)
  • Find threats with reduced management of data storage and analysis
    • A cloud and real-time approach minimizes data volume and management overhead requirements
  • Increase automation for faster response time and cost efficiency
    • Incorporating policy actions into existing SOAR workflows
    • Continuous adjustments (of policy, thresholds, ML, etc.)

Additional Resources:


Download our infographic and see where organizations like yours are in their Zero Trust journey, their preferred framework, key focus areas, and success metrics in operationalizing Zero Trust security.

Download Now

Stage 3: Optimize

At this stage, the goal is to extend protection to every aspect of the IT infrastructure and all resources regardless of location without creating a poor user experience (which can lead to non-compliance and lower productivity).

Key goals:

  • Deploy conditional access (risk-based) for continuous verification without compromising a positive user experience.

Best Practices:

  • Eliminate MFA fatigue with risk-based, conditional access even for privileged users (which only challenges users when risk levels change on the endpoint, identity itself, workload, or on other systems via API integrations)
  • Extend MFA protection to legacy systems to ensure a no-gap coverage (and protect the typically most vulnerable systems)
  • Detecting and responding to threats for public clouds (SaaS) and SSO credentials even if a sensor/agent is not possible to deploy

Additional Resources:

  • ZTA – Zero Trust Assessment brief

Expert Tip

When you invest in a Zero Trust solution, can that solution reduce security complexity, save money, and reduce time to identify and remediate breaches? The answer is a resounding ‘YES’! Watch this webcast to explore real-life use cases for Zero Trust that affect your profit margin and overhead to support the whole program.How to Maximize ROI with Frictionless Zero Trust


Kapil Raina, a cybersecurity marketing executive of 20+ years, has built and led product, marketing, sales, and strategy teams at startups and large brands such as VeriSign, VMware, and Zscaler. Mr. Raina, currently serves as CrowdStrike’s VP of Zero Trust & Identity Protection marketing. He was previously the VP of Marketing at Preempt Security, which was acquired by CrowdStrike. He is a recognized speaker and author of books on AI, PKI, Mobile Commerce, Biometrics, and other security topics. Mr. Raina holds a B.S. from the University of Michigan (Ann Arbor) in Computer Engineering.