Why should IT departments implement zero trust?

1.7k views5 Comments

CEO in Software, 11 - 50 employees
Regardless of whether it's a corporate security plan, a data categorization plan, edge strategy, or better automation on a factory floor, zero trust—and security in general—only work if the C-suite supports the expectation of what security should accomplish and how it fits into corporate governance and planning. The biggest problem I've seen is with organizations that take zero trust to mean “I get to watch everything that you do.” That's not what it means to me. It’s a shared responsibility. As humans in the supply chain—for anything in technology but certainly for security—we are victims of our own behavior and assumptions on a daily basis. Whether it's security or the process for building a server, the reason there is DevOps, the reason there are written processes is because of humans. It's that simple.
2 2 Replies
CTO in Software, 11 - 50 employees

Zero trust means I want my people to do the best thing possible, but I need to verify what they do because there are malicious actors out there. It’s a protection point on what activity is done.

CIO in Education, 1,001 - 5,000 employees

Gartner’s analyst just said everybody's doing zero trust, but we're never going to be able to do that because our network is just not in a good place to do so. It's not unified, so zero trust doesn't even present itself as an option. We're left with either split tunneling via VPN or VDI, neither of which is an elegant solution.

CTO in Software, 11 - 50 employees
Zero trust is more important now than ever as part of digital transformation and digital resiliency. It's not about slapping your hands. Zero trust does not mean I don't trust my employees. It means I have zero security wherever they are: They're in a coffee shop on public WiFi and I need to protect them. It's not that they're malicious. Too many people think the security team assumes they’re malicious, that's not true. They protect you against attacks you're not aware of. Maybe they haven't done a great job of communicating it, but zero trust means: I trust my employees implicitly and I don't trust the environment explicitly.
C-Suite in Construction, 51 - 200 employees
Due to the more than ever increasing number of devices that need access to the system whether from within or remotely

Content you might like

First day on the job10%

Sometime during their first week52%

Sometime during their first month26%

2-3 months after their hiring date6%

It depends on their role/level3%

Other (explain in the comments section)1%



API security is our top priority8%

Very high48%




API security is not at all a priority for us1%