The Zero Trust Hub

Trends, insights, and resources for today's cybersecurity leaders. Updated weekly.


NEWS

Zero Trust’s Reality Check: Implementation Challenges and How to Solve Them

In Infosecurity Magazine, John Kindervag and Trevor Dearing explain why Zero Trust is a journey, not a project or product — and is never truly finished. They urge security leaders to deploy incrementally and shift their mindset away from prevention and toward resilience.

NEWS

Zero Trust and Ransomware: Prevention Gets the Budget. Containment Wins the War.

In SC Media, Trevor Dearing argues that ransomware prevention is no longer enough. He urges CISOs to prioritize breach containment strategies like microsegmentation to ensure minimum viable operations and faster recovery when — not if — an attack occurs.

Weekly Briefing

Living on the Borderline: How BGP’s Blind Faith Puts Your Data at Risk

The internet is broken — at least when it comes to security.  

One of the biggest culprits is Border Gateway Protocol (BGP), which determines how traffic moves across the internet.

The problem is that BGP doesn’t care about security. It doesn’t care about compliance. It doesn’t even care about national borders. It just wants to find the fastest way to get data from point A to point B.

That’s great for efficiency but a nightmare for security.  

And if you think traditional compliance frameworks can fix it, think again. The digital world runs on algorithms and protocols, not laws and regulations.  

BGP doesn’t recognize your legal jurisdiction. This can lead to major issues like violating the European Union’s General Data Protection Regulation (GDPR) without even knowing it.

The internet doesn’t respect borders

BGP was designed for connectivity, not security.  

It makes real-time routing decisions based on peering agreements and network congestion. It doesn't care whether a country’s laws require certain data to stay within its borders.  

Governments can legislate all they want. But they can’t stop BGP from sending sensitive data across international lines.

It gets worse. Because BGP is based on trust — blind trust — it’s incredibly easy to exploit.  

BGP is a relic of a different time, a time when security wasn’t an afterthought but rather not a thought at all.  

Ever heard of a BGP hijack? That’s when a malicious actor, or even a nation-state, manipulates BGP routes to redirect internet traffic through their own infrastructure.  

One of the most infamous attacks was in 2010. China Telecom hijacked 15% of the world’s internet traffic for 18 minutes, rerouting data through Beijing.  

They did it again in 2015 and 2016. And there have been increasing reports of Russia doing the same thing in recent years.  

Why Zero Trust is the fix

The fundamental problem with BGP is that it assumes trust. As I’ve been saying for years, trust is a vulnerability. That’s why we need Zero Trust.

Zero Trust doesn’t care about the route a packet takes. It doesn’t care if your data gets hijacked or rerouted through a foreign adversary’s infrastructure.  

Why? Because Zero Trust doesn’t rely on the network to provide security. Instead, it focuses on the protect surface — the critical data, assets, applications, and services (DAAS) that matter most to your organization.

Here’s how Zero Trust solves the BGP problem:

  1. Least-privilege access: Even if an attacker reroutes your data, Zero Trust policies prevent them from using stolen credentials or exploiting over-permissioned accounts to gain deeper access.
  2. Microsegmentation: If an attacker hijacks your traffic, it doesn’t matter if they can’t access anything valuable. Segmentation ensures that only explicitly authorized communications are allowed, limiting where an attacker can go in your network and reducing a breach’s impact.
  3. Verification at every step: In a Zero Trust architecture, every packet is inspected, authenticated, and verified before it’s allowed to interact with anything sensitive. If something looks suspicious, it’s blocked.
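
The microsegmentation point above, as an added example that is not part of the original article or of any vendor's product: it compares how far a compromised workload can move under a flat network and under an explicit allowlist. Workload names, ports and rules are constructed for illustration.

```python
from collections import deque

# Constructed inventory and policy; every workload name and port is hypothetical.
WORKLOADS = ["web", "payments-api", "payments-db", "hr-app", "hr-db", "build-server"]

# Explicit allowlist of (source, destination, port). Anything not listed is denied.
SEGMENTED = {
    ("web", "payments-api", 443),
    ("payments-api", "payments-db", 5432),
    ("hr-app", "hr-db", 5432),
}


def flat_policy(workloads, ports=(22, 443, 5432)):
    """A flat network: every workload may reach every other one on every port."""
    return {(s, d, p) for s in workloads for d in workloads if s != d for p in ports}


def is_allowed(policy, src, dst, port):
    """Default deny: a flow passes only if an explicit rule names it."""
    return (src, dst, port) in policy


def blast_radius(policy, foothold):
    """Workloads reachable hop by hop from a compromised foothold.

    Worst case: assumes each workload reached over an allowed flow is
    itself taken over and used as the next stepping stone.
    """
    reachable, queue = set(), deque([foothold])
    while queue:
        current = queue.popleft()
        for src, dst, _port in policy:
            if src == current and dst != foothold and dst not in reachable:
                reachable.add(dst)
                queue.append(dst)
    return reachable


if __name__ == "__main__":
    policies = (("flat", flat_policy(WORKLOADS)), ("segmented", SEGMENTED))
    for name, policy in policies:
        for foothold in ("web", "build-server"):
            reach = sorted(blast_radius(policy, foothold))
            print(f"{name:9} foothold={foothold:12} reach={reach}")
```

Under the flat policy every foothold reaches all five other workloads; under the allowlist a compromised build server reaches nothing, and a compromised web tier is confined to the payments path.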


The internet wasn’t built to be secure, but Zero Trust ensures that security is always the priority.

BGP won’t change, but your security can

If you're still relying on traditional perimeter defenses and hoping compliance frameworks will save you, you're already exposed. The only real security comes from enforcing Zero Trust — stop trusting the network and start controlling it.

The internet isn’t secure, and it won’t be anytime soon. That’s why it’s on you to rethink your security strategy.  

CHART OF THE WEEK

Putting on the Pressure

According to The 2025 Global Cost of Ransomware Study, cybercriminals often use threats of data theft to pressure victims into paying a ransom. Data exfiltration is the most common tactic, followed closely by DDoS attacks. Attackers also rely on data encryption and direct communication with victims to escalate demands, making multi-layered extortion the new norm.

Zero Trust Resources

eBook

Strategies for DORA Compliance: Key Role of Zero Trust Segmentation

Is your organization ready for the January 2025 DORA deadline? Discover key strategies for cyber resilience and how Illumio Zero Trust Segmentation simplifies compliance.

GUIDE

Zero Trust Segmentation for Dummies

Breaches are inevitable, but the damage isn’t. Zero Trust Segmentation for Dummies simplifies how to stop threats from spreading, protecting your organization before they cause harm.

REPORT

Cloud Security Index 2023

The Cloud Security Index 2023 reveals that 60% of IT leaders view cloud security as a significant risk, with 93% agreeing Zero Trust Segmentation is essential. Download the report to learn more about key cloud security challenges and solutions.

88% of organizations were hit by ransomware last year, with 58% shutting down operations for an average of 12 hours.

The Global Cost of Ransomware Study reveals the real impact and how to stay resilient against the next inevitable attack.

Top contributors

John Kindervag

Chief Evangelist

Raghu Nandakumara

Head of Industry Solutions

Gary Barlet

Public Sector CTO

Trevor Dearing

Director of Critical Infrastructure Solutions

Michael Adjei

Director, Systems Engineering

Christer Swartz

Director of Industry Solutions