Because access points continuously shift, the definition of zero trust continually evolves. According to a Fortinet survey, just 28 percent of organizations say they have fully implemented zero-trust principles, down from 40 percent in 2021.
“What it comes down to is that zero trust is a strategy. It’s a strategy that has to work at all levels of your organization, from the executives down to the lowest entry level,” Salazar said. “It’s not something where you just wave your hands and say, ‘We’re done.’”
LEARN MORE: How to improve your zero trust architecture and maturity.
How Do You Build Trust in Zero Trust?
Because zero trust is a concept, not a tool, its biggest challenges aren’t technological; they are strategic and cultural.
“Every person here, every organization, is going to have a different risk profile, so they’re going to have a different set of decisions,” Salazar said. “Zero trust as a concept is great. As for you individually? That definition is going to be different.”
Communication with organizational leaders about why zero trust is important and what it will entail — from financial resources to compliance issues and educating staff members on why workarounds put the organization at risk — can help security leaders ensure that stakeholders know that they’re not buying into a platform rather than a concept.
Because it’s a concept, it will be imperfect. Executives will need to be patient while the organization builds its zero trust strategy to maturity — a maturity that will never be complete. “A lot of the questions that I get are about the maturity model,” Bell said.