Why should IT departments implement zero trust?

Anonymous Author
Regardless of whether it's a corporate security plan, a data categorization plan, edge strategy, or better automation on a factory floor, zero trust—and security in general—only work if the C-suite supports the expectation of what security should accomplish and how it fits into corporate governance and planning. The biggest problem I've seen is with organizations that take zero trust to mean “I get to watch everything that you do.” That's not what it means to me. It’s a shared responsibility. As humans in the supply chain—for anything in technology but certainly for security—we are victims of our own behavior and assumptions on a daily basis. Whether it's security or the process for building a server, the reason there is DevOps, the reason there are written processes is because of humans. It's that simple.
2 upvotes
Anonymous Author
Zero trust is more important now than ever as part of digital transformation and digital resiliency. It's not about slapping your hands. Zero trust does not mean I don't trust my employees. It means I have zero security wherever they are: They're in a coffee shop on public WiFi and I need to protect them. It's not that they're malicious. Too many people think the security team assumes they’re malicious; that's not true. They protect you against attacks you're not aware of. Maybe they haven't done a great job of communicating it, but zero trust means: I trust my employees implicitly and I don't trust the environment explicitly.
3 upvotes
Anonymous Author
Due to the more than ever increasing number of devices that need access to the system, whether from within or remotely.
2 upvotes