The Truth About Zero Trust

As Zero Trust has become more widely known, so too have the misconceptions around what Zero Trust is and how to achieve a Zero Trust network architecture. Below are the four most prevalent myths about Zero Trust and the truths behind them.

Myth 1

The goal of Zero Trust is to make a system trusted.

Truth: The goal of Zero Trust is to eliminate the concept of trust so that we can strategically protect what’s important to organizations.

Data Breaches

80% of data breaches are caused by misuse of privileged credentials1

Malicious insiders

Malicious insiders can cost an organization an average of $650K per incident2

Negligent insiders

Negligent insiders can cost an organization an average of $285K per incident2


Myth 2

It’s complex, costly and time-consuming.

Truth: Start by focusing on the most critical applications and data sets. Build your strategy around the four design concepts of Zero Trust.


Operational efficiency

32% believe Zero Trust improves operational efficiency and reduce complexity3

Reduce security costs

Deploying Zero Trust can reduce security costs by 31%4


Myth 3

Zero Trust is all about identity.

Truth: Identity is only part of Zero Trust. Traffic the asserted identity generates must be inspected for malicious content and unauthorized activity and logged through Layer 7. Start with the protect surface (the sensitive data you want to protect), and extend across the network to the applications, systems and users.


Myth 4

You can do Zero Trust at Layer 3.

Truth: Most attackers can bypass traditional network firewalls operating at Layer 3–4 and use port scans to access vulnerable open ports or services. When you create policy at Layer 7, you have visibility throughout the entire stack, preventing attackers from moving across the internal network and accessing sensitive data or systems.

Zero Trust approach

50% believe a Zero Trust approach would minimize losses due to breaches3

Zero Trust doesn’t have to be abstract. There is a simple five-step methodology to implementing Zero Trust.



1. “The Forrester Wave™: Privileged Identity Management, Q4 2018
2. “The 2018 Cost of Insider Threats: Global Study,” Ponemon Institute, April 2018
3. “Pursue Zero Trust on the Extended Network,” Forrester Research, April 2018
4. “Adopt Next-Gen Access to Power Your Zero Trust Strategy,” Forrester Research, April 2018