The Zero Trust Mistake Hiding Inside Every Perfect Plan

Raghu Nandakumara
VP, Industry Strategy

A board once heard the words “extinction-level event” and still rated the odds of it happening at zero.  

That’s the position Tim Brown, the CISO who lived through the SolarWinds breach, was put in.  

He had warned his board years before the attack that a compromise of this scale would threaten the business itself. The board understood the stakes but saw no reason to believe a company their size would ever be a nation-state target.  

History proved that assessment wrong.

Illumio founder and CEO Andrew Rubin referenced this during our discussion on a recent episode of The Segment podcast. His point was that the board understood the risk but never assumed it would happen to them, and that single assumption is where most Zero Trust programs go wrong, too.

Zero Trust starts from one uncomfortable premise: assume breach. That premise only works if you also accept that perfect prevention is not the goal.  

Yet most organizations still run their Zero Trust programs like prevention is the finish line, chasing complete coverage before declaring any win. That instinct stalls a Zero Trust strategy before it produces a measurable result.  

The real fix starts with a different definition of success rather than a better architecture diagram.

The enemy of a good Zero Trust strategy is a perfect one

Andrew pointed to an old expression: the enemy of a good plan is a perfect plan.  

Two things are certain about a perfect plan:

  • You’ll never finish developing it.
  • You’ll never achieve it.  

Both points are true because perfect doesn’t exist.

For too long, cyber teams have treated flawless security as the only acceptable answer. That belief has created a gravitational pull toward an unreachable standard, and good outcomes have sat on the shelf while everyone searched for a better one.

The real fix is a different question. Instead of asking what a complete Zero Trust environment would look like, ask what risk you can remove today.  

Can you separate development from production? Close dangerous ports? Shut off services sitting open and unused across thousands of servers? None of that is flawless Zero Trust. But all of it leaves you measurably less exposed than before.

Outcomes beat capability with Zero Trust and everything else

Andrew described a pattern across cybersecurity broadly. Vendors talk about technology through everything it’s capable of doing. But customers care about a narrower question: what value does this create for the problem in front of me?

For Illumio, the answer was simple. The job was reducing the risk of a catastrophic breach, which a Zero Trust strategy is built to absorb. Excessive lateral movement is what turns a contained incident into a catastrophe, so removing it became the priority.  

Some lateral movement is easy to close off, some is hard. The smart move is tackling the easy wins first instead of waiting for full architectural coverage.  

Focusing on low-hanging fruit before completeness is what finally lets teams show measurable Zero Trust progress instead of running an indefinitely pending project.

Market forces have accelerated this thinking but didn’t create it. Andrew pointed to regulations like DORA as a clear tailwind, ratcheting up pressure to deliver demonstrable outcomes instead of theoretical coverage.  

That pressure is healthy. It pushes the industry toward rewarding actual, delivered risk reduction, something security programs have been weak at proving for a long time.

The real question for your Zero Trust program

If your Zero Trust roadmap is still waiting for the complete, fully mapped version before you call it a win, you’re repeating the exact mistake many teams have spent years working through.  

It’s time to accept that a smaller blast radius today beats a theoretically perfect architecture that never ships.  

Every quarter spent chasing the perfect Zero Trust plan is a quarter your organization stayed more exposed than it needs to be.
