Lock the doors inside your home, hand out keys sparingly, then turn on an alarm in every room. Your house will get a lot more secure. However, it will also become unlivable. Tight security policies, access conditions, and subnetting configurations can take away risk but even mature Zero Trust Architecture (ZTA) environments must balance cybersecurity with usability.

“Just make us Zero Trust.” Hands up if you’ve ever heard some version of this statement. Gather ten cybersecurity pros in a room, and you’ll have ten frustrated people trying to implement Zero Trust Security Architecture (ZTA). Although boards and non-security executives often understand the ZTA security model at a high level and love the idea of an inherently secure network, security teams keep running into walls during implementation.

Bad news first. Implementing Zero Trust is more complex than using a particular service or a product. Although definitions vary, Zero Trust is an approach to network architecture that moves security closer to user actions and away from network assets. In a 100% Zero Trust environment, no user, process or application inside a network is trusted by default.

What size Zero Trust would you like? Zero Trust Architecture (ZTA), and cybersecurity in general, would be easier if you could walk into a Zero Trust shop instead of navigating a human and technological minefield featuring confused executives, reluctant employees, and a buzzword-heavy Zero Trust vendor landscape. The fact that “humans don’t work in a Zero Trust manner” will not change anytime soon, but technology is something in your control.