Illumio is a Customers’ Choice in the 2026 Gartner Peer Insights for Network Security Microsegmentation.
Read the report
Experienced a Breach?
|
Support
|
Contact Us
|
+1 855 426 3983
ZERO TRUST HUB ARCHIVE/ WEEKLY BRIEFING

If You Design Zero Trust for Perfection, You’re Designing It to Fail

Gary Barlet
Public Sector CTO
April 27, 2026
7 min. read
Gary Barlet
Public Sector CTO

Early in my career, I used to trust the diagram.

You’d walk into a meeting, someone would pull up a clean architecture slide, and everything would make sense.  

Then something would break.

And when you dug into the issue, you realized the diagram wasn’t wrong, just incomplete. It reflected how we thought the environment worked, not how it actually behaved under pressure.

That gap is where most security strategies struggle. It’s also where a lot of Zero Trust efforts stall out.

Zero Trust projects fail often because we design around assumptions instead of what’s really happening inside the environment.

Pressure separates real security from the illusion of it

There’s a lot of discussion right now about operating under pressure. But the pressure itself isn’t the root problem. It simply exposes what was already there.

When teams shrink, complexity becomes harder to manage. When budgets tighten, inefficient tools stand out. When mandates increase, gaps in strategy become harder to ignore.

Most environments today are more complicated than they appear. Security teams are using too many tools, have too little integration, and are missing clarity about how everything works together.

That’s manageable when things are calm. It becomes a problem when they’re not.

Zero Trust works only if your tools work together

Zero Trust was supposed to help solve this. It can, but only if it’s approached as an operating model instead of a checklist.

I still see organizations treating it like a series of separate projects. Identity in one lane. Network in another. Data somewhere else. Each team doing their part, but not always in sync.

Things start to break down here. If your tools don’t share data, you’re missing context. If they can’t act on that context automatically, you’re moving too slow. If your teams have to manually connect the dots during an incident, you’re already behind.

Zero Trust isn’t necessarily about having more controls but about making the controls you already have work together in a meaningful way.

Automation is what makes it all work

Automation comes up in almost every Zero Trust conversation, but it’s often framed too narrowly.

Speed is one consideration. But the real challenge is keeping pace with environments that don’t stand still.

Workloads spin up and down, and users move across systems. Data flows in ways that didn’t exist a few years ago. The environment is constantly shifting, and security has to move with it.

When policies can’t keep up, they drift out of alignment. Gaps start to appear, and they’re exactly what attackers look for.

What works is an approach where policies follow the workload, controls adjust based on context, and systems stay in sync as things change.

That’s how security teams scale without getting buried in manual work.

The hardest part of Zero Trust is defining risk

At the end of the day, the biggest challenge is how organizations think about risk.

Too many teams still define success as stopping every attack. That sounds reasonable, but it leads to the wrong priorities.

Attackers are going to get in. The real question is what happens next.

If an attacker can’t move, can’t escalate, and can’t reach critical systems, the impact is limited and the mission continues.

Zero Trust enables exactly that.

But getting there requires a shift in mindset. Leaders need to move away from the idea that a breach automatically means failure and focus instead on whether that breach can spread and cause real damage.

Security that doesn’t reflect reality will fail

The environment isn’t getting simpler. Threats are evolving faster, complexity is increasing, and security teams are being asked to do more with less.

Pressure exposes what actually works.

If your Zero Trust strategy depends on everything going according to plan, it won’t hold up when conditions change. And they always do.

The organizations that succeed design for what happens during an incident, not just before it. They assume controls will fail and focus on limiting what happens next.

That’s the real test of Zero Trust. Not whether you stop every attack, but whether you can contain one.

Zero Trust Resources

GUIDE

Zero Trust Segmentation for Dummies

Breaches are inevitable, but the damage isn’t. Zero Trust Segmentation for Dummies simplifies how to stop threats from spreading, protecting your organization before they cause harm.

Read now
REPORT

The Containment Gap

Most security teams trust their detection. They shouldn't. New research from a global survey of 700 IT and cybersecurity leaders reveals a massive gap between spotting threats and stopping them — with only 17% able to isolate a compromised asset in near real time.

Read now
REPORT

2025 Global Cloud Detection and Response Report

Discover how 1,150 global cybersecurity leaders are tackling alert fatigue, blind spots, and lateral movement in the hybrid multi-cloud.

Read now

Ready to learn more about breach containment?

See the Platform