Peer-Driven Insights

Zero Trust

About this topic

Zero Trust refers to a security model that requires continuous verification of users and devices, regardless of location. It minimizes security risks by enforcing strict access controls and assuming no implicit trust within or outside the network.

Featured One-Minute Insights

Sept 2024

How are U.S. CISOs Addressing Liability Risk?

New regulations taking effect in the U.S. mean that cybersecurity leaders could face legal liability in the event of an incident. What strategies are they using to protect themselves?

Community Posts

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

My security analyst is recommending we shut off access to third-party personal email accounts to reduce the risk of attack as a result of phishing attempts through these platforms. Is this something many companies do?

Read More Comments

We are looking at implementing role-based access controls on some of our SaaS platforms due to entry into emerging markets. Does anyone have best practices to share?

Read More Comments

If you haven’t adopted a zero trust strategy, what are your reasons for not doing so?

Read More Comments

How do you foresee the data security and privacy landscape changing over the course of 2023?

Read More Comments

Thoughts on cybersecurity mesh architecture (CSMA)? Is it just a new buzzword or a genuine step up from Zero Trust and SASE?

Read More Comments

Does the term "novel attack" resonate with security teams? or does "unknown attack" resonate better? What would you consider novel/unknown attacks? Does your current threat detection solution detect novel/unknown attacks?

Read More Comments

How has your zero trust strategy shifted in the last year, if at all? (And if nothing’s changed, how are you thinking about evolving it in the next year or so?)

Read More Comments

In terms of ZeroTrust and organizations building out their environments in such a way that makes sense and minimizes risks. As a medium to large enterprise, are you satisfied with your progress to date? To riff a bit more on this topic , NIST 800-207 is a good read, it covers both greenfield and continuous improvement ZeroTrust scenarios. Similar to data compliance, I think most of us never experience greenfield.

Yes55%

No22%

Unsure12%

Too early to tell9%

View Results

What are some effective approaches to access provisioning?

Read More Comments

Zero trust is the biggest cybersecurity advancement in the past decade.

Strongly agree10%

Agree55%

Neutral24%

Disagree7%

Strongly disagree2%

View Results

What is the most important role of corporate culture in addressing the psychological impact of digital security?

Corporate culture has no influence on digital security.16%

Prioritizing digital security above other aspects in corporate culture.50%

Creating a work environment that supports mental well-being.17%

All of the above.16%

Your own perspective (Comment).1%

View Results

Non-human identities (NHIs), such as API keys, service accounts, and tokens, outnumber humans by 25 to 50 times and often go ungoverned. From Entro’s 2025 report:
• 90% have excessive permissions
• 44% are exposed in the wild
• 91% of stale secrets are never revoked

What helped us: inventory, assign owners, right-size access, monitor behavior, and test continuously.

How mature is your NHI program? Biggest barrier, tooling, ownership, or adoption?

What are the key pieces in a zero trust architecture assessment?

Employee Count and Licensing Usage:

- What is your employee count?

- Do you use Microsoft E3, E5, or a variation (e.g., E3 + Security E5)?

- Do you rely only on Microsoft EOP and/or Defender for O365 for email protection? If not, what other product(s) do you use (e.g., Proofpoint, Abnormal)?

Read More Comments

I am trying to find a definitive definition of what a logical air gap is. There are various mechanisms of backup access isolation that can be employed but it seems to be a very gray area in terms of an explicit definition. Has anyone come across a definition that might even include a sliding scale of more restrictive logical air gap defenses? For example, I think about several access related configurations that could involve Role based security, MFA, SDN, Firewall, WAN, etc.

About this topic

Featured One-Minute Insights

How are U.S. CISOs Addressing Liability Risk?

Community Posts

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

My security analyst is recommending we shut off access to third-party personal email accounts to reduce the risk of attack as a result of phishing attempts through these platforms. Is this something many companies do?

We are looking at implementing role-based access controls on some of our SaaS platforms due to entry into emerging markets. Does anyone have best practices to share?

If you haven’t adopted a zero trust strategy, what are your reasons for not doing so?

How do you foresee the data security and privacy landscape changing over the course of 2023?

Thoughts on cybersecurity mesh architecture (CSMA)? Is it just a new buzzword or a genuine step up from Zero Trust and SASE?

Does the term "novel attack" resonate with security teams? or does "unknown attack" resonate better? What would you consider novel/unknown attacks? Does your current threat detection solution detect novel/unknown attacks?

How has your zero trust strategy shifted in the last year, if at all? (And if nothing’s changed, how are you thinking about evolving it in the next year or so?)

What are some effective approaches to access provisioning?

Zero trust is the biggest cybersecurity advancement in the past decade.

What is the most important role of corporate culture in addressing the psychological impact of digital security?

What are the key pieces in a zero trust architecture assessment?

Employee Count and Licensing Usage:- What is your employee count?- Do you use Microsoft E3, E5, or a variation (e.g., E3 + Security E5)?- Do you rely only on Microsoft EOP and/or Defender for O365 for email protection? If not, what other product(s) do you use (e.g., Proofpoint, Abnormal)?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Employee Count and Licensing Usage:

- What is your employee count?

- Do you use Microsoft E3, E5, or a variation (e.g., E3 + Security E5)?

- Do you rely only on Microsoft EOP and/or Defender for O365 for email protection? If not, what other product(s) do you use (e.g., Proofpoint, Abnormal)?