What is the image problem that comes with Zero Trust (ZT) based information security?
Once you understand the principles, and they are not really difficult, it is obvious that only ZT can lead us to a more secure cyber future.
So, what is holding us back?
Here are some of the misconceptions:
- “It is a boatload of work, so let’s not start.” Truth: yes, fully securing your IT with all its technical debt is a boatload of work. That is exactly the reason why you need ZT, so that you know where you can get started quickly, and be more secure before the last hole is plugged.
- “Our board of directors does not understand this, so we don’t get funding.” Truth: ZT is easy to explain, once you find the right language to talk to them. ZT gives you technology-neutral language.
- “Our security team does not trust ZT.” Truth: they may think it is overhyped, or another piece of technology that overpromises and underdelivers. In reality, ZT is consolidating what they have always wanted to do, but did not know how to get funding for. And it is a great way to professionalize their career, if they so desire.
- “It forces us to do real work, instead of checking boxes.” Unfortunately, this is not a myth. But ticking boxes does not have a track record of making organizations secure. Nor has it been successful in creating meaningful work. ZT approaches are both more efficient and more rewarding.
- “Basic cybersecurity certifications are good enough.” Truth: if basic cyber certifications are going to improve your cybersecurity, you should definitely pursue those first. But they don’t help you prioritize and manage at scale.
- “Our partners are handling our security.” Truth: this is not true on the geopolitical scale, as some have found out. Nor is it true in cybersecurity. Companies remain accountable. And as ZT is also about prioritizing your investments, who would you prefer to have control over those investments? You or your partners?
- “We’ll just buy a box.” Truth: while there are great solutions out there that do a good job of implementing specific ZT use cases, and you will probably need some of them, if you don’t strategically know what you need, you will only procure shelfware. ZT addresses that.
- “Another course, another boring set of PowerPoints.” Truth: while the CSA CCZT courseware includes many PowerPoints, and I use some of that, my program is about much more than that. I flip the classroom: we spend most of the online time on a conversation to guide you through applying this stuff. My participants still find their jobs challenging, but not for lack of knowing how to approach them.
The next cohort of my Zero Trust program starts next week.
This week is the last chance to book a 1-on-1 call to discuss your participation in it, and the benefits that it will bring. Find the link in my profile.