Implementing Zero Trust: Expert Insights on Key Security Pillars and Prioritization in Digital Transformation
Santucci F.; Oliva G.; Gonnella M. T.; Faramondi L.; Setola R.
2025-01-01
Abstract
As organizations continue to embrace digital transformation, the need for robust cybersecurity strategies has never been more critical. This paper explores the Zero Trust Architecture (ZTA) as a contemporary cybersecurity framework that addresses the challenges posed by increasingly interconnected systems. Zero Trust (ZT) operates under the principle of “never trust, always verify,” ensuring that every access request is thoroughly authenticated, regardless of the requester’s location within or outside the network. However, implementing ZT is a challenging task, requiring an adequate roadmap to prioritize the different initiatives in agreement with company culture, exposure and cyber posture. We apply multi-criteria decision analysis (MCDA) to evaluate the relative importance of various components within a ZT framework, using the Incomplete Analytic Hierarchy Process (IAHP). Expert opinions from professionals in cybersecurity and IT governance were gathered through structured questionnaires, leading to a prioritized ranking of the eight key ZT pillars, as defined by the Cybersecurity and Infrastructure Security Agency (CISA), Washington, DC, USA, along with a prioritization of the sub-elements within each pillar. The study provides actionable insights into the implementation of ZTA, helping organizations prioritize security efforts to mitigate risks effectively and build a resilient digital infrastructure. The evaluation results were used to create a prioritized framework, integrated into the ZEUS platform, developed with Teleconsys S.p.A., to enable detailed assessments of a firm’s cyber partner regarding ZT and identify improvement areas. The paper concludes by offering recommendations for future research and practical guidance for organizations transitioning to a ZT model.
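As an added worked example (not code from the paper or from the ZEUS platform), the following Python derives pillar priorities from an incomplete set of pairwise expert judgements, the kind of computation the IAHP step in the abstract performs. It assumes Harker's method for the unanswered comparisons (missing entries set to zero, diagonal raised by the number of missing entries in the row) and the eight pillar names of the CISA Zero Trust Maturity Model; the judgement values and the `iahp_priorities` helper are constructed for illustration and are not the experts' responses or ranking reported in the paper.

```python
"""Incomplete AHP (IAHP) priority derivation for eight Zero Trust pillars.

Added illustration, not code from the paper or the ZEUS platform. Assumptions:
the pillar names follow the CISA Zero Trust Maturity Model, judgements use
Saaty's 1-9 scale, missing comparisons are handled with Harker's method, and
the sample judgements below are constructed, not the study's expert data.
"""

PILLARS = ["Identity", "Devices", "Networks", "Applications & Workloads", "Data",
           "Visibility & Analytics", "Automation & Orchestration", "Governance"]

# Saaty's random consistency index, keyed by matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24,
                7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}

# Constructed judgements: (row, col) -> "row is this many times as important as col".
# Only 11 of the 28 possible pairs were answered, so the matrix is incomplete.
SAMPLE_JUDGEMENTS = {
    ("Identity", "Data"): 2, ("Identity", "Devices"): 3, ("Identity", "Networks"): 4,
    ("Identity", "Applications & Workloads"): 4, ("Identity", "Visibility & Analytics"): 5,
    ("Identity", "Automation & Orchestration"): 6, ("Identity", "Governance"): 7,
    ("Data", "Devices"): 2, ("Devices", "Networks"): 2,
    ("Networks", "Applications & Workloads"): 1,
    ("Visibility & Analytics", "Automation & Orchestration"): 1,
}


def _connected(names, judgements):
    """True if every item is reachable via answered comparisons (required for IAHP)."""
    adj = {n: set() for n in names}
    for a, b in judgements:
        adj[a].add(b)
        adj[b].add(a)
    seen, stack = set(), [names[0]]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(adj[node] - seen)
    return len(seen) == len(names)


def harker_matrix(names, judgements):
    """Harker's completion: known a_ij and 1/a_ij, 0 for missing pairs,
    diagonal = 1 + number of missing entries in that row."""
    n = len(names)
    idx = {name: i for i, name in enumerate(names)}
    known = [[None] * n for _ in range(n)]
    for (a, b), v in judgements.items():
        if v <= 0:
            raise ValueError("judgements must be positive ratios")
        known[idx[a]][idx[b]] = float(v)
        known[idx[b]][idx[a]] = 1.0 / v
    matrix = []
    for i in range(n):
        missing = sum(1 for j in range(n) if j != i and known[i][j] is None)
        matrix.append([1.0 + missing if j == i else (known[i][j] or 0.0)
                       for j in range(n)])
    return matrix


def principal_eigen(matrix, iters=1000, tol=1e-12):
    """Power iteration: returns (lambda_max, eigenvector normalised to sum 1)."""
    n = len(matrix)
    v, lam = [1.0 / n] * n, 0.0
    for _ in range(iters):
        w = [sum(matrix[i][j] * v[j] for j in range(n)) for i in range(n)]
        s = sum(w)              # sum(Bv) with sum(v) = 1 estimates lambda_max
        w = [x / s for x in w]
        done = max(abs(w[i] - v[i]) for i in range(n)) < tol and abs(s - lam) < tol
        v, lam = w, s
        if done:
            break
    return lam, v


def iahp_priorities(names, judgements):
    """Return ({name: priority}, consistency_ratio); raise if the graph is disconnected."""
    if not _connected(names, judgements):
        raise ValueError("comparison graph is disconnected: some items were never compared")
    n = len(names)
    lam, v = principal_eigen(harker_matrix(names, judgements))
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    return dict(zip(names, v)), (ci / ri if ri else 0.0)


def ranking(priorities):
    """Pillar names ordered from highest to lowest priority."""
    return sorted(priorities, key=priorities.get, reverse=True)


if __name__ == "__main__":
    pri, cr = iahp_priorities(PILLARS, SAMPLE_JUDGEMENTS)
    for name in ranking(pri):
        print(f"{name:28s} {pri[name]:.3f}")
    print(f"consistency ratio: {cr:.3f} (below 0.10 is conventionally acceptable)")
```

A consistency ratio above about 0.10 means the answered comparisons contradict each other enough that the questionnaire should be revisited with the experts before the ranking drives a roadmap; the connectivity check catches the other failure mode of an incomplete survey, where some pillar was never compared with anything and no priority can be derived for it.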