The Zero Trust Hub

Trends, insights, and resources for today's cybersecurity leaders. Updated weekly.

Subscribe on LinkedIn
Weekly Podcast

The Monday Microsegment

NEWS

Rethinking the Real Roadblocks to Zero Trust: Incentives, Culture, and Structural Inertia

In ISMG Studio, John Kindervag asserts that misaligned incentives — not technology — are the real barriers to Zero Trust adoption. He stresses the need for organizational culture shifts that align security efforts with business objectives to drive greater reslience and better outcomes.

NEWS

Avoiding a Single Point of Failure: Heeding the Wake-Up Call for Cyber Resilience

When a single software update disrupted airlines, hospitals, banks, and emergency services, it exposed the danger of relying on single points of failure in an increasingly connected world. In Cybersecurity Insiders, Trevor Dearing argues that it’s time to shift from prevention to resilience.

Weekly Briefing

Awareness of Zero Trust Shifting from ‘What Is It?’ to ‘How Do I Achieve It?’

Gary Barlet at RSAC Public Sector Day

This year at RSAC, something struck me more than the massive booths or the flood of AI buzzwords. It was the number of discussions I heard where security leaders were asking critical questions:

“What if we can’t stop every breach? What do we do next?”

That shift in mindset — from pure prevention to preparation and containment — was everywhere in my conversations last week. And it’s exactly why Zero Trust, especially microsegmentation, continues to gain momentum.

Zero Trust continues to gain ground

Compared to last year, I saw a slight uptick in Zero Trust messaging. It wasn’t the loudest theme. That honor clearly went to AI. But Zero Trust is sticking around for a reason.  

The folks I talked to aren’t asking, “What is Zero Trust?” anymore. They’re asking, “How do I actually do it?”

That’s a good sign.

There’s a growing realization that we can’t prevent every breach. So the question shifts to: What happens after? That’s where Zero Trust shines.  

Segmentation, least-privilege access, visibility — these aren’t just principles, they’re the strategy for surviving a breach and containing the damage.

Segmentation climbs the priority list

This year, I heard a lot more security leaders talk seriously about segmentation, not as a compliance checkmark but as a necessity.

Businesses across every industry, size, and location are starting to accept a hard truth: you can't stop every attacker from getting in. But you can stop them from getting far.

That means proactively designing your environment to isolate systems and control access, not after an incident but before. Segmentation is core to a Zero Trust strategy, and I'm thrilled to see it continue to get the attention it deserves.

Observability turns data into decisions

We all want to do more with less. That’s universal. And it’s why I had a lot of conversations last week about observability tools like Illumio Insights.

Security teams are tired of digging through logs and dashboards trying to figure out what matters. There’s more security data than ever, but it’s slowing us down.

If you can surface the biggest risks in minutes and show how they connect across domains, you’re helping teams move from reactive to proactive.

And that’s where observability becomes a Zero Trust enabler. You can’t enforce what you can’t see.

AI helps us and attackers

AI was everywhere this year at RSAC. Most booths had some mention of it. But almost no one was talking about AI from the attacker’s perspective. That worries me.

We need to stop pretending it’s a fair fight, especially as AI continues to quickly evolve. Threat actors don’t have to follow rules, ethics, or compliance frameworks.  

If defenders and attackers are using the same tech, and one side has no guardrails, guess who wins?

Cybersecurity leaders need to start thinking about how to defend against AI-driven attacks, not just how to implement AI into their own tools.  

The good news is that Zero Trust gives us a framework that adapts without needing to be reinvented every time something new shows up. Zero Trust fundamentals like least-privilege access and strong segmentation don't change. It’s about building resilience that lasts.

Integrate, don’t rip and replace

After a week at RSAC, it’s easy to walk away with a hundred new ideas and a list of shiny tools. But my advice is to take a breath.

First, look at what you already have. Then, ask how any new tools will fit into your existing ecosystem. Zero Trust isn’t about replacing everything — and AI isn’t the answer to every cybersecurity challenge.  

At the end of the day, cybersecurity isn’t just about stopping breaches. It’s about resilience. And Zero Trust is still the best strategy we’ve got to get there, no matter what threats or technology come next.  

CHART OF THE WEEK

Are We Ready for the Risk?

According to World Economic Forum’s 2025 Global Cybersecurity Outlook, organizations overwhelmingly expect AI and machine learning to have the most significant impact on cybersecurity in the year ahead — well ahead of any other emerging technology. Yet despite this awareness, few have processes in place to assess the security of AI tools before deployment. This disconnect between urgency and readiness highlights a growing risk as AI adoption accelerates.

Zero Trust Resources

eBook

Strategies for DORA Compliance: Key Role of Zero Trust Segmentation

Is your organization ready for the January 2025 DORA deadline? Discover key strategies for cyber resilience and how Illumio Zero Trust Segmentation simplifies compliance.

GUIDE

Zero Trust Segmentation for Dummies

Breaches are inevitable, but the damage isn’t. Zero Trust Segmentation for Dummies simplifies how to stop threats from spreading, protecting your organization before they cause harm.

REPORT

2025 Global Cost of Ransomware Study

Some 88% of organizations were hit by ransomware in the last year. Are your defenses ready to stand up to today’s ransomware threat? Uncover the real impact of ransomware and strategies to stay resilient against the next inevitable attack.

Introducing Illumio Insights:
AI Cloud Detection and Response

Get an early look at the first cloud detection and response (CDR) solution built on an AI security graph. Join our live webinar May 6 at 9:00 AM PDT — and on demand afterwards.

Top contributors

John Kindervag

Chief Evangelist

Raghu Nandakumara

Head of Industry Solutions

Gary Barlet

Public Sector CTO

Trevor Dearing

Director of Critical Infrastructure Solutions

Michael Adjei

Director, Systems Engineering

Christer Swartz

Director of Industry Solutions