Zero trust offers organizations an approach that can help to significantly improve security posture and minimize risk. But what would happen if, let’s say, an organization had fully implemented zero trust and yet, several years into the future, had a breach? What would be the likely reasons?
“Our out of scope is in scope for adversaries,” Goerlich said.
“Whenever a control reaches critical mass, the control will be bypassed,” he said. “Another way of saying that is all a better mousetrap does is breed better mice.”
He suggests that organizations deploying zero trust today look at their roadmaps and make sure they have plans to sustain support, interest and engagement for years to come. Goerlich also recommends that zero trust implementers shore up out-of-scope areas to help reduce the attack surface.