If you haven’t adopted a zero trust strategy, what are your reasons for not doing so?

Security Strategy & RoadmapZero TrustIdentity & Access Management (IAM)
2.4k views1 Upvote9 Comments
Sort By:
Oldest
Head of IT and Security in Finance (non-banking)2 years ago
Budget restrains. Zero trust will require a big investment in our environment. Encrypted traffic needs to be decrypted to be checked which will need to change the network infrastructure and an ssl offloader. We need to invest in MFA as well.
Director in Construction2 years ago
Our issue is twofold. First is that Zero Trust requires a change of the overall architecture strategy of the organization.  The current architecture is based around firewalls and segregation of system so moving that to Zero Trust requires a different approach to architecture which involves change.  The second is education of architecture teams.  Legacy system architects think in terms of networks, IP and ports.  Changing their architecture mindset to think instead in terms of users and access is a fundamental shift that is, unfortunately, taking time.

I have two wishes for Zero Trust vendors.  (1) Train architects in the benefits of thinking about Zero Trust with your solution.  If you train the solution architects they will come, and (2) offer solution architecture services as part of your post sales team.  Don't make if free (because then their is no perceived value) but instead make solution architecture using your solution a consulting service available to customers attempting to build a Zero Trust direction using your solution.
Director of Information Security in Manufacturing2 years ago
While we agree with the overall concept of Zero Trust, getting the relevant bits and pieces in place has proven to be very difficult, mainly based on a lack of technical expertise with internal resources, and an overall seemingly staggering incremental cost.     Where possible, we are keeping the direction in mind when we upgrade individual components (e.g. the IDM, or the firewalls) but right now it does not look like the individual parts will result in a true 'Zero Trust' setup without an additional effort.
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Director of Information Security Operations in Consumer Goods2 years ago
budget, leadership engagement, too many players selling the same 
Director, Strategic Security Initiatives in Software2 years ago
Investment, Strategy, Customer, Supporting systems, etc.

Content you might like

We are a large manufacturing company with over 17,000 associates, about half of whom have company-provided cell phones. We average two lost devices per week, which seems low, but executive management is concerned and wants to know if our numbers are typical compared to other companies. My questions are: 1. Do other companies also struggle with lost or stolen devices? 2. What is the average number of lost devices per week? 3. Are there repercussions for associates who lose devices due to carelessness or negligence?

Mobile Device Management (MDM)Mobile DevicesSecurity+2 more
VP of IT in Retail3 days ago
My previous organization implemented a strict one-strike policy for lost or damaged devices. While the first incident was considered an accident, repeat offenders were required to reimburse the company for the lost or damaged ...read more
82 views1 Comment

Single sign-on (SSO) increases the chance of a major network security breach.

Single Sign-On (SSO/SAML)Identity & Access Management (IAM)Third Party Risk Management (TPRM)

Strongly agree4%

Agreee59%

Neutral23%

Disagree12%

Strongly disagree1%

View Results
3.8k views2 Upvotes3 Comments

Any recommendations for a comprehensive GenAI learning platform?

EngineeringData & AnalyticsSecurity Strategy & Roadmap+4 more
IT Manager in Constructiona month ago
Hello,
the topic is so broad, what are you focused on?
Read More Comments
4.8k views2 Upvotes5 Comments

What's a greater concern for returning to the office? Comment how you are prioritizing...

People & LeadershipStrategy & ArchitectureCloud+29 more

Human Factors (fears, mental health, physical spacing)85%

Technical / IT Factors (on-premise tools, pivoting back away from remote)14%

3.7k views3 Upvotes2 Comments

What cybersecurity topics do you think are critical for CIOs to be more involved in, even in orgs that have a CISO?

Relationship ManagementSecurity & GRCSecurity Strategy & Roadmap+1 more
Director of IT in Healthcare and Biotech9 days ago
Cybersecurity governance and risk management (setting up monitoring of emerging threats), data protection and privacy compliance (standardize on data protection across all channels), incident response and recovery planning ...read more
Read More Comments
1.3k views3 Comments