Many vendors refer to zero trust as “never trust, always verify.” But, realistically, trust needs to be extended so that users can get their work done. That’s why the term “zero trust” is a misnomer. While zero trust begins with an initial security posture of default deny, allowing users to do their work means that once trust is established, security and risk management leaders must be able to continuously assess trust—and a great way to do that is by following the Gartner CARTA approach.
Rather than relying on incumbent, network-centric solutions that are susceptible to risk from inside and outside the network, Gartner recommends that enterprises in the midst of digitalization embrace a software-defined perimeter (SDP) service and focus on micro-segmentation. SDPs allow teams to establish trust, provide secure access based on adaptive controls via outbound connections, and monitor activity for continuous risk assessment. SDPs reduce the attack surface while increasing IT’s visibility into user activity and applications.