“Zero trust is misnamed. A strict interpretation of ‘zero trust’ would mean that no special capabilities are extended. With zero trust networking, the initial security posture is one of no implicit trust (‘zero trust’) between different entities. At the point where trust is needed to enable access to capabilities, a level of sufficient trust must be established.”
Neil MacDonald, December 2018
Many vendors refer to zero trust as “never trust, always verify.” But, realistically, trust needs to be extended so that users can get their work done. That’s why the term “zero trust” is a misnomer. While zero trust begins with an initial security posture of default deny, allowing users to do their work means that once trust is established, security and risk management leaders must be able to continuously assess trust—and a great way to do that is by following the Gartner CARTA approach.
Rather than relying on incumbent, network-centric solutions that are susceptible to risk from inside and outside the network, Gartner recommends that enterprises in the midst of digitalization embrace a software-defined perimeter (SDP) service and focus on micro-segmentation. SDPs allow teams to establish trust, provide secure access based on adaptive controls via outbound connections, and monitor activity for continuous risk assessment. SDPs reduce the attack surface while increasing IT’s visibility into user activity and applications.