{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T01:02:45Z","timestamp":1777424565327,"version":"3.51.4"},"reference-count":31,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2025,8,5]],"date-time":"2025-08-05T00:00:00Z","timestamp":1754352000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>As organizations continue to embrace digital transformation, the need for robust cybersecurity strategies has never been more critical. This paper explores the Zero Trust Architecture (ZTA) as a contemporary cybersecurity framework that addresses the challenges posed by increasingly interconnected systems. Zero Trust (ZT) operates under the principle of \u201cnever trust, always verify,\u201d ensuring that every access request is thoroughly authenticated, regardless of the requester\u2019s location within or outside the network. However, implementing ZT is a challenging task, requiring an adequate roadmap to prioritize the different initiatives in agreement with company culture, exposure and cyber posture. We apply multi-criteria decision analysis (MCDA) to evaluate the relative importance of various components within a ZT framework, using the Incomplete Analytic Hierarchy Process (IAHP). Expert opinions from professionals in cybersecurity and IT governance were gathered through structured questionnaires, leading to a prioritized ranking of the eight key ZT pillars, as defined by the Cybersecurity and Infrastructure Security Agency (CISA), Washington, DC, USA, along with a prioritization of the sub-elements within each pillar. The study provides actionable insights into the implementation of ZTA, helping organizations prioritize security efforts to mitigate risks effectively and build a resilient digital infrastructure. The evaluation results were used to create a prioritized framework, integrated into the ZEUS platform, developed with Teleconsys S.p.A., to enable detailed assessments of a firm\u2019s cyber partner regarding ZT and identify improvement areas. The paper concludes by offering recommendations for future research and practical guidance for organizations transitioning to a ZT model.<\/jats:p>","DOI":"10.3390\/info16080667","type":"journal-article","created":{"date-parts":[[2025,8,5]],"date-time":"2025-08-05T10:50:21Z","timestamp":1754391021000},"page":"667","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Implementing Zero Trust: Expert Insights on Key Security Pillars and Prioritization in Digital Transformation"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5542-843X","authenticated-orcid":false,"given":"Francesca","family":"Santucci","sequence":"first","affiliation":[{"name":"Unit of Automatic Control, Department of Engineering, Universit\u00e0 Campus Bio-Medico di Roma, 00128 Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7257-4079","authenticated-orcid":false,"given":"Gabriele","family":"Oliva","sequence":"additional","affiliation":[{"name":"Unit of Automatic Control, Department of Engineering, Universit\u00e0 Campus Bio-Medico di Roma, 00128 Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maria Teresa","family":"Gonnella","sequence":"additional","affiliation":[{"name":"Unit of Automatic Control, Department of Engineering, Universit\u00e0 Campus Bio-Medico di Roma, 00128 Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maria Elena","family":"Briga","sequence":"additional","affiliation":[{"name":"Teleconsys S.p.A., 00144 Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mirko","family":"Leanza","sequence":"additional","affiliation":[{"name":"Teleconsys S.p.A., 00144 Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marco","family":"Massenzi","sequence":"additional","affiliation":[{"name":"Teleconsys S.p.A., 00144 Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luca","family":"Faramondi","sequence":"additional","affiliation":[{"name":"Unit of Automatic Control, Department of Engineering, Universit\u00e0 Campus Bio-Medico di Roma, 00128 Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8792-2520","authenticated-orcid":false,"given":"Roberto","family":"Setola","sequence":"additional","affiliation":[{"name":"Unit of Automatic Control, Department of Engineering, Universit\u00e0 Campus Bio-Medico di Roma, 00128 Rome, Italy"},{"name":"Consorzio Nazionale Interuniversitario per i Trasporti e la Logistica (NITEL), 00182 Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,8,5]]},"reference":[{"key":"ref_1","unstructured":"Temporale, E. (2024). Analisi dell\u2019Impatto della Cybersecurity Nelle Imprese Italiane = Analysis of the Impact of Cybersecurity in Italian Companies. [Ph.D. Thesis, Politecnico di Torino]."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"105","DOI":"10.30574\/wjarr.2023.19.3.1785","article-title":"Zero trust architecture: Redefining network security paradigms in the digital age","volume":"19","author":"Khan","year":"2023","journal-title":"World J. Adv. Res. Rev."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"57143","DOI":"10.1109\/ACCESS.2022.3174679","article-title":"Zero trust architecture: A comprehensive survey","volume":"10","author":"Syed","year":"2022","journal-title":"IEEE Access"},{"key":"ref_4","unstructured":"Cloudflare (2025, June 22). Una Roadmap Verso l\u2019Architettura Zero Trust. White Paper. Available online: https:\/\/cf-assets.www.cloudflare.com\/slt3lc6tev37\/9jyDLdW3VXPGwChDCCnrx\/2813462cacd5433bc9ca629f5edc1c43\/Whitepaper_A-Roadmap-to-Zero-Trust-Architecture_Italian_20220826.pdf."},{"key":"ref_5","unstructured":"Canadian Centre for Cyber Security (2025, April 15). Zero Trust Security Model (ITSAP.10.008). Available online: https:\/\/www.cyber.gc.ca\/en\/guidance\/zero-trust-security-model-itsap10008."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1109\/OJCS.2024.3505056","article-title":"Emerging Technologies Driving Zero Trust Maturity Across Industries","volume":"6","author":"Joshi","year":"2024","journal-title":"IEEE Open J. Comput. Soc."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Rose, S., Borchert, O., Mitchell, S., and Connelly, S. (2020). Zero Trust Architecture (Standard No. NIST SP 800-207). Available online: https:\/\/www.nist.gov\/publications\/zero-trust-architecture.","DOI":"10.6028\/NIST.SP.800-207-draft2"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"19487","DOI":"10.1109\/ACCESS.2023.3248622","article-title":"A comprehensive framework for migrating to zero trust architecture","volume":"11","author":"Phiayura","year":"2023","journal-title":"IEEE Access"},{"key":"ref_9","unstructured":"Department of Defense (DoD) (2025, June 22). DoD Zero Trust Strategy, Available online: https:\/\/dodcio.defense.gov\/Portals\/0\/Documents\/Library\/DoD-ZTStrategy.pdf."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"103412","DOI":"10.1016\/j.cose.2023.103412","article-title":"Zero trust cybersecurity: Critical success factors and A maturity assessment framework","volume":"133","author":"Yeoh","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"318","DOI":"10.1016\/j.mcm.2010.02.047","article-title":"On optimal completion of incomplete pairwise comparison matrices","volume":"52","year":"2010","journal-title":"Math. Comput. Model."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1016\/j.automatica.2017.07.051","article-title":"Sparse and distributed analytic hierarchy process","volume":"85","author":"Oliva","year":"2017","journal-title":"Automatica"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Oliva, G., Schlueter, M., Munetomo, M., and Scala, A. (2022). Dynamical intervention planning against COVID-19-like epidemics. PLoS ONE, 17.","DOI":"10.1371\/journal.pone.0269830"},{"key":"ref_14","unstructured":"Teleconsys (2025, June 22). Brochure ZEUS. Available online: https:\/\/www.teleconsys.it\/zeus."},{"key":"ref_15","unstructured":"P\u00f6ppelbu\u00df, J., and R\u00f6glinger, M. (2011). What makes a useful maturity model? A framework of general design principles for maturity models and its demonstration in business process management. ECIS 2011 Proc., 28. Available online: https:\/\/aisel.aisnet.org\/ecis2011\/28."},{"key":"ref_16","unstructured":"Cybersecurity and Infrastructure Security Agency (CISA) (2023, April 12). Zero Trust Maturity Model Version 2, Available online: https:\/\/www.cisa.gov\/sites\/default\/files\/2023-04\/zero_trust_maturity_model_v2_508.pdf."},{"key":"ref_17","unstructured":"National Institute of Standards and Technology (2025, June 06). The NIST Cybersecurity Framework (CSF) 2.0, Available online: https:\/\/nvlpubs.nist.gov\/nistpubs\/CSWP\/NIST.CSWP.29.pdf."},{"key":"ref_18","unstructured":"Microsoft (2025). Zero Trust Vision Paper, Microsoft."},{"key":"ref_19","unstructured":"Palo Alto Networks (2025, June 06). How Palo Alto Networks Supports the NIST Cybersecurity Framework. Available online: https:\/\/www.paloaltonetworks.com\/resources\/whitepapers\/nist-csf-fulfillment-with-palo-alto-networks."},{"key":"ref_20","unstructured":"PixelPlex (2025, April 14). How to Implement Zero Trust Architecture in 5 Steps. Available online: https:\/\/pixelplex.io\/blog\/how-to-implement-zero-trust\/."},{"key":"ref_21","unstructured":"Keusseyan, R. (2025, April 14). Demystifying Cybersecurity: Zero Trust Architecture in a Nutshell. Available online: https:\/\/blog.isec7.com\/en\/demystifying-cybersecurity-zero-trust-architecture-in-a-nutshell."},{"key":"ref_22","unstructured":"Cybersecurity and Infrastructure Security Agency (2025, June 06). Federal Information Security Modernization Act, Available online: https:\/\/www.cisa.gov\/topics\/cyber-threats-and-advisories\/federal-information-security-modernization-act."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"6476274","DOI":"10.1155\/2022\/6476274","article-title":"A survey on zero trust architecture: Challenges and future trends","volume":"2022","author":"He","year":"2022","journal-title":"Wirel. Commun. Mob. Comput."},{"key":"ref_24","unstructured":"Europea Commission (2025, June 06). Direttiva NIS2: Nuove Norme Sulla Sicurezza Informatica di Reti e Sistemi Informativi. Available online: https:\/\/digital-strategy.ec.europa.eu\/it\/policies\/nis2-directive."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"234","DOI":"10.1016\/0022-2496(77)90033-5","article-title":"A scaling method for priorities in hierarchical structures","volume":"15","author":"Saaty","year":"1977","journal-title":"J. Math. Psychol."},{"key":"ref_26","unstructured":"Securside (2025, June 06). DecisionHub. Available online: https:\/\/secureside.io\/."},{"key":"ref_27","unstructured":"ENISA (2025, June 06). Foresight Cybersecurity Threats for 2030. Available online: https:\/\/www.enisa.europa.eu\/publications\/enisa-foresight-cybersecurity-threats-for-2030."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ejor.2004.04.028","article-title":"Analytic hierarchy process: An overview of applications","volume":"169","author":"Vaidya","year":"2006","journal-title":"Eur. J. Oper. Res."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1016\/0377-2217(90)90073-K","article-title":"Eigenvector and logarithmic least squares","volume":"48","author":"Saaty","year":"1990","journal-title":"Eur. J. Oper. Res."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Menci, M., Oliva, G., Papi, M., Setolal, R., and Scala, A. (2018, January 12\u201315). A suite of distributed methodologies to solve the sparse analytic hierarchy process problem. Proceedings of the 2018 European Control Conference (ECC), Limassol, Cyprus.","DOI":"10.23919\/ECC.2018.8550604"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Godsil, C., and Royle, G.F. (2001). Algebraic Graph Theory, Springer Science & Business Media.","DOI":"10.1007\/978-1-4613-0163-9"}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/16\/8\/667\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:23:18Z","timestamp":1760034198000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/16\/8\/667"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,5]]},"references-count":31,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2025,8]]}},"alternative-id":["info16080667"],"URL":"https:\/\/doi.org\/10.3390\/info16080667","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8,5]]}}}