Site icon Infused Innovations

Pros and Cons of the Zero Trust Model

Pros and Cons of the Zero Trust Model 1

The Zero Trust model is a security framework that operates like its name suggests: it follows the policy of trusting no one, including those within the network. Every entity (inside or outside the network) is assumed to be a potential threat and should not be considered safe until it is checked and verified. Thus, every device and user in an organization must be monitored and managed. This strict security practice has its pros and cons, which we’ll go over.

How Zero Trust came about

The concept of the Zero Trust model was started in 2010. John Kindervag, then Vice President and Principal Analyst for Forrester Research, came up with the idea when considering weaknesses in the traditional security model. That traditional model assumed that entities inside the network could be trusted. While that may generally be an instinctive assumption, it leaves room for vulnerability. Kindervag considered this assumption outdated as technology advanced and cyberthreats became more of a problem. He inverted the model to view everyone as “guilty until proven innocent.” While insider threats are not something organizations necessarily expect, they operate on the safe side and require verification everywhere. Ever since Kindervag originally came up with the concept, businesses have increasingly chosen to apply this model in their security plans. In 2018, one Forrester analyst said 17 out of 20 calls he got were about Zero Trust—and the framework is even more relevant today.

Advantages of using the Zero Trust Model


Should you incorporate this framework into your company’s security practices? Building a Zero Trust network is a considerable task, but sometimes it’s worth it to put the extra effort in. Let’s look at some pros and cons to help you decide whether a Zero Trust model is right for you.

Here are some strengths of the Zero Trust model:

Challenges of using the Zero Trust Model

With all these additional security strengths, the Zero Trust model does make a security policy more complicated. Here are some of the additional challenges that come with such a comprehensive strategy:

Microsoft’s Zero Trust Blog

Closing thoughts on the Zero Trust model

As you can see, the cons of using the Zero Trust model are mainly related to the additional work required to implement it. It is a strong security framework–it just takes a good amount of effort to set up. Without assumed trustworthiness, the network is more secure. If the company does get penetrated by a cyberattack, the virus can’t move laterally throughout the network since that movement is also regulated. So this comprehensive, specified approach is a good idea in security terms. The question is whether and how your company is able to switch over to it. One Zero Trust foundation we recommend is Microsoft Azure AD—we even have a guide for setting it up there.

For more on security related issues, read our blog about why ransomware is still a problem.

Exit mobile version