STEP-BY-STEP APPROACH TO IMPLEMENTING ZERO TRUST IN HYBRID CORPORATE SECURITY SYSTEMS
DOI:
https://doi.org/10.28925/2663-4023.2025.31.1029
Keywords:
Zero Trust, implementation, methodology, step-by-step approach, security architecture, corporative security, risk assessment, maturity model, microsegmentation, IAM, UEM, SIEM, SOAR, network security, information security.
Abstract
This article explores the opportunities for implementing the Zero Trust (ZT) model in organizations with a perimeter-based security system. It describes the changes that have occurred in recent years and affected organizations’ corporate security systems. The reasons for the declining relevance of the perimeter-based model, and its shortcomings, are explained. The article explains why organizations increasingly adopt Zero Trust in their information security systems and which problems of the perimeter-based model it solves. It outlines the problems that organizations usually encounter during ZT implementation. A brief overview of the Zero Trust model is presented, including a description of its core principles, experts’ perspectives on the model, and considerations regarding its implementation. The specific features of implementing Zero Trust within organizations’ existing security systems have been examined. It has been established that the effective implementation of Zero Trust requires a comprehensive, multi-step approach. The initial steps involve auditing the current state of an organization’s information security and assessing the risks associated with its assets. These preparatory measures aim to define the scope of implementation and identify the organization’s priority needs regarding ZT. The next step is defining and implementing security policies. It has been established that the main part of the implementation process is the direct deployment of functionalities that enforce the principles of Zero Trust. It begins with developing an implementation plan that specifies which security measures will be applied to particular system components and in what sequence. To measure the completeness of Zero Trust, an example of a “maturity model” has been provided. Additionally, the functionalities whose implementation enforces the principles of Zero Trust, as well as the relationships between them, were presented.
This also includes a description of network microsegmentation, the implementation of MFA technologies and IAM (Identity and Access Management) systems, the use of UEM and UDR solutions for device control, as well as SIEM for threat detection and SOAR for automating and coordinating the security system. As the conclusion of the implementation process, the necessity for continuous review and improvement of the security system has been substantiated. Practical examples of Zero Trust implementation have also been examined, demonstrating the effectiveness and relevance of transitioning to a Zero Trust architecture. The results may serve as a practical demonstration of the capabilities and benefits of transitioning to a ZT security architecture, provide an understanding of the challenges encountered during its implementation, and define an effective and cost-efficient approach to carrying out this process.
License
Copyright (c) 2025 Остап Городицький, Іван Опірський

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.