At the beginning of 2022, Zero Trust faces a bizarre dichotomy: It’s on the verge of becoming the de facto cybersecurity approach while simultaneously having many security practitioners decry it as “just a marketing ploy.” How did we, as the security community, arrive at such a precarious perch?
Part of the problem, according to John Kindervag, former Forrester analyst and author of the original Zero Trust research, was that the trilogy of Zero Trust papers remained largely behind the Forrester paywall. For over a decade, only Forrester clients and every security vendor in the world had access. The hype train left the station, with those vendors shaping the Zero Trust narrative from their highly subjective perspective. Nonclients and the greater cybersecurity community only saw Zero Trust through the stained-glass windows of vendor marketing.
Forrester’s research advanced the Zero Trust concept from network-focused to an integrated, dynamic ecosystem of security capabilities and technologies with the introduction of Zero Trust Extended (ZTX). But analysts are not necessarily marketers, and the research lacked a clear, concise, shareable definition our clients and the larger community could use as a stake in the ground.
Today, we correct both of these issues with the release of a report titled,