Zero trust decision analysis for next generation networks

Abstract

Zero Trust security is being adopted across companies and government organizations to continually verify cybersecurity requirements. This paper investigates architecture development methodologies that can develop a Zero Trust architecture that implements the missions of an enterprise. An enterprise architecture depends on an organization’s strategic priorities and should reflect the organization’s critical decisions. These decisions can be evaluated according to criteria such as interoperability, speed of operations tempo, and cyber-resilience to failures. Zero-Trust architectures must define alternatives tailored to missions. An enterprise architecture can then be developed that describes the context, operations, and resources associated with a strategic implementation decision. A multi-criteria decision-making method such as the Analytic Hierarchy Process can help guide the development and implementation of Zero Trust strategy. Zero Trust criteria are defined according to quality attributes associated with the DoD Reference Architecture Pillars, and security solutions are evaluated against how well they meet these criteria.