* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Products and Services](https://www2.paloaltonetworks.com/blog/category/products-and-services/)
* How to Launch an Effectiv...

# How to Launch an Effective Zero Trust Initiative

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F07%2Flaunch-an-effective-zero-trust-initiative%2F)  
[](https://twitter.com/share?text=How+to+Launch+an+Effective+Zero+Trust+Initiative&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F07%2Flaunch-an-effective-zero-trust-initiative%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F07%2Flaunch-an-effective-zero-trust-initiative%2F&title=How+to+Launch+an+Effective+Zero+Trust+Initiative&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2022/07/launch-an-effective-zero-trust-initiative/&ts=markdown)  
\[\](mailto:?subject=How to Launch an Effective Zero Trust Initiative)  
Link copied  
By [Drew Epperson](https://www.paloaltonetworks.com/blog/author/drew-epperson/?ts=markdown "Posts by Drew Epperson")  
Jul 07, 2022  
6 minutes  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)  
[SLED](https://www.paloaltonetworks.com/blog/tag/sled/?ts=markdown)  
[Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown)  
[ZTNA](https://www.paloaltonetworks.com/blog/tag/ztna/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/2022/07/launch-an-effective-zero-trust-initiative/?lang=ja "Switch to Japanese(日本語)")

We define Zero Trust as a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Boiled down, Zero Trust simplifies risk management to a single use case: the removal of all implicit trust for users, applications and infrastructure. It's a way for government agencies and other organizations to build resilience into their IT networks and environments.

Nearly a year after President Biden signed the [Executive Order on Improving the Nation's Cybersecurity](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/), many federal agencies are making significant progress on their Zero Trust journey. The great news is that agencies are further along with Zero Trust than most people assume. More than [70%](https://www.businesswire.com/news/home/20220125005864/en/More-than-90-Percent-of-Federal-Cybersecurity-Decision-Makers-Have-Increased-Confidence-in-Implementing-Zero-Trust-following-Government-Mandates) of federal agencies are aggressively adopting Zero Trust principles. Some are well-positioned to accelerate their efforts because of investments in digital transformation, which include rebuilding and improving their security approach. But, even these federal agencies are feeling more pressure to speed their Zero Trust journey, following the January release of the[federal Zero Trust architecture strategy from the U.S. Office of Management and Budget,](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf) which outlines aggressive implementation deadlines.

## Changing the Mindset

As the federal government increases its focus on Zero Trust, there are some core Zero Trust tenets that will be helpful for agency IT leaders to understand:

* **Adopting a Zero Trust Approach Is a Continuous Journey --** It is not a one-time implementation. I like to say that Zero Trust is an operational philosophy requiring a change in mindset -- a fundamental shift in how we design, implement and maintain cybersecurity postures.
* \*\*Building a Comprehensive Zero Trust Plan Is Paramount --\*\*Focusing on a specific product or a narrow technology does not equal Zero Trust. Zero Trust must be an end-to-end approach encompassing the entire IT ecosystem of controls -- network, endpoints, cloud, applications, Internet of Things devices, identity and more.
* \*\*Understanding that ZTNA Is Only a Component of Zero Trust --\*\*The terms Zero Trust Network Access (ZTNA) and Zero Trust are not interchangeable. It's actually a very common misnomer. ZTNA applies specifically to remote users accessing company applications and services, and is an element of the bigger Zero Trust story. While ZTNA is extremely important (especially within the reality of a new, hybrid workforce) just implementing ZTNA is not enough.

## Getting Started

Ultimately, Zero Trust isn't a flip-the-switch effort to enhance cybersecurity. It will take time. And as I mentioned above, it's a continuous journey. While some agencies are moving well along with Zero Trust initiatives, others are struggling with how to get started. ZTNA actually offers a logical starting point into a broader Zero Trust strategy. But, the good news is that your agency can start implementing the Zero Trust process anywhere. You can use existing tools and capabilities to establish a starting line. For those in early stages, there are some factors to consider to help ensure a successful outcome.

## Plan for an Incremental Approach

Like every journey, Zero Trust requires a map or plan of action in order to move forward effectively. My advice: don't attempt to boil the ocean. Where you start will vary from one agency to the next. Deciding that depends on assessing how Zero Trust can be applied relative to your current environment. Think carefully about your focus areas and prioritize them. Review the different federal specifications that are available, such as [NIST](https://www.nist.gov/publications/zero-trust-architecture),[CISA](https://www.cisa.gov/sites/default/files/publications/CISA%20Zero%20Trust%20Maturity%20Model_Draft.pdf) and [DOD](<https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf>), and select what will best support your organization's goals.

Taking on Zero Trust does not mean starting from scratch with your infrastructure. Conduct a rationalization of existing IT investments. Decide what your organization is actually using, what is working, what could be reconfigured or redeployed, and what new investments are truly needed. If you decide to start in an area that requires a new investment, identify funding programs or vehicles that can help fast-track the effort. Be sure to assess current security capabilities and whether they are used as effectively as possible. Consider which can be leveraged toward applying Zero Trust best practices quickly.

## Engage Leadership from the Start

Support from the top down is important for moving forward efficiently with Zero Trust. As mentioned previously, this often requires a mindset shift among leadership. Proactive, substantive conversations on the plan and its goals must occur, with the CISO included at the head table to engage in discussions and direction. This dialogue can also help move the cybersecurity budget from insufficient to appropriate.

Approach the plan holistically, aligning with a board, CIO or both, as well as driving a broader Zero Trust culture across your agency. Consider creating a Zero Trust center of excellence, and assign a chief Zero Trust architect to champion the process.

Remember you have an opportunity to rebuild security properly. A solid plan will help avoid getting overburdened by the complexity of too many security controls. Focus on having fewer tools that leverage automation for maximum resource efficiency.

## Make It Actionable

Achieving Zero Trust requires determining what your organization needs to reduce acute risk and achieve resilience. Many organizations start with identity mechanisms like multifactor authentication, applying least-privilege access or ZTNA. Again, approach this incrementally; develop a roadmap and align it to your chosen maturity model. As you implement additional Zero Trust capabilities, help support your agency's transformation by maximizing the potency of new and existing investments to ensure the best possible security outcomes.

Adding metrics to your plan will also help keep it actionable and on track. Set goals for securing users, applications and infrastructure across the full spectrum of touch points, such as authenticating identity, verifying device and workload integrity, enforcing least-privilege access and scanning all transactions for legitimacy.

With these fundamentals in place, you can confidently begin your Zero Trust journey. Will it be easy to adopt? No, but getting started shouldn't be hard. Having well-defined Zero Trust tenets and requirements will help set a common expectation of what needs to be achieved to be secure, at least making the path of a challenging journey clear.

Zero Trust represents a fundamental change in how all of us will design, implement and maintain cybersecurity postures for the long term. Success will require a solid, methodical plan, strong organizational support and true partnership between government and industry to get us there.

## Learn More about Zero Trust

Find out more about how you can [strengthen security with Zero Trust](https://www.paloaltonetworks.com/accelerating-your-zero-trust-journey-in-public-sector.html). Contact the Palo Alto Networks [federal team](https://www.paloaltonetworks.com/industry/federal#public-sector-contact-form) for additional information.

Be sure to follow the [Public Sector LinkedIn page](https://www.linkedin.com/showcase/palo-alto-networks-publicsector) for more articles like this.

*** ** * ** ***

## Related Blogs

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### How to Balance the Zero Trust Journey with the Speed of the Mission](https://www2.paloaltonetworks.com/blog/2022/06/balance-zero-trust-journey-with-the-speed-of-the-mission/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Google Cloud Partners with Palo Alto Networks](https://www2.paloaltonetworks.com/blog/2022/02/google-cloud-partners-with-palo-alto-networks/)

### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Zero Trust: The Key to a Hybrid Workforce](https://www2.paloaltonetworks.com/blog/2023/06/zero-trust-the-key-to-a-hybrid-workforce/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Network Segmentation for the NHS](https://www2.paloaltonetworks.com/blog/2023/06/network-segmentation-for-the-nhs/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Cybersecurity Guidelines for New Governors](https://www2.paloaltonetworks.com/blog/2023/02/cybersecurity-guidelines-for-new-governors/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### The Zero Trust Journey for Federal Agencies: The Next Phase](https://www2.paloaltonetworks.com/blog/2022/08/the-zero-trust-journey-for-federal-agencies/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language