Save the Date for Zenith Live 2020 Pre-Register
Save the Date for Zenith Live 2020 Pre-Register

"Zero Trust Is an Initial Step on the Roadmap to CARTA"

Read about the Gartner Continuous Adaptive Risk and Trust Assessment (CARTA) strategy and the role of zero trust in its implementation.

Access the Gartner paper now

Please provide a valid state.
  Yes, please keep me updated on Zscaler news, events, webcast and special offers.

By submitting the form, you are agreeing to our privacy policy.

For more detail on this offer, review the terms and conditions.

“Zero trust is misnamed. A strict interpretation of ‘zero trust’ would mean that no special capabilities are extended. With zero trust networking, the initial security posture is one of no implicit trust (‘zero trust’) between different entities. At the point where trust is needed to enable access to capabilities, a level of sufficient trust must be established.”

Neil MacDonald, December 2018

Many vendors refer to zero trust as “never trust, always verify.” But, realistically, trust needs to be extended so that users can get their work done. That’s why the term “zero trust” is a misnomer. While zero trust begins with an initial security posture of default deny, allowing users to do their work means that once trust is established, security and risk management leaders must be able to continuously assess trust—and a great way to do that is by following the Gartner CARTA approach.

Rather than relying on incumbent, network-centric solutions that are susceptible to risk from inside and outside the network, Gartner recommends that enterprises in the midst of digitalization embrace a software-defined perimeter (SDP) service and focus on micro-segmentation. SDPs allow teams to establish trust, provide secure access based on adaptive controls via outbound connections, and monitor activity for continuous risk assessment. SDPs reduce the attack surface while increasing IT’s visibility into user activity and applications.

Read the paper
Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.