Posted by: Greg Ness | May 10, 2019

The Zero Trust Paradox

Or The Zero Trust Graveyard… your choice.

I just glanced through an analyst report on “zero trust” and noted the sizable ecosystem of startups and security cartel players who have all managed to join the party. After all, it’s a noble aim. If there were no way for an untrusted user, app, file, etc. to enter a TCP/IP network from the internet, that would be a great thing. A great thing indeed.

Yet startups embracing zero trust in their messaging have had little success. And I don’t think it’s because the security cartel players embracing zero trust (perhaps merely for thought leadership points) have succeeded.

What is the zero trust problem hinted at by the analyst? Why is there a higher correlation between zero trust startups and new office space filled with old cubicles… than with hackers declaring bankruptcy?

I have a theory, inspired by conversations with security execs who’ve dabbled in the use of zero trust firewall and segmentation solutions.

The Zero Trust (Complexity) Paradox

For traditional TCP/IP-architected security solutions, the security landscape (defense in depth) is so complex that anything added ends up creating more complexity than actual enforcement efficacy. In short, it’s a declining-sum game, where every new investment ends up costing you more because of stack fatigue.

I’d prefer to call this zero-sum scenario a zero trust paradox. Rising complexity makes it harder for innovation to have a meaningful impact. Deployment is politically and/or technically painful and protracted because of the limited “elbow room” for innovation. And security stacks are getting even more complex as IIoT devices are being added at a healthy clip.

Cities are getting poorer while hackers are getting richer. Indeed, rising complexity is more likely a hacker’s playground than an increasingly secure infrastructure.

This came out loud and clear over an incredible steak dinner with an old friend with some major security insight and responsibilities. So I won’t name him. 🙂

Is there a solution to the paradox? Yes: the transformation of the TCP/IP stack to include a new overlay layer, which should have been included in the first place.


