The concept of zero trust has received unprecedented attention. After languishing for over 10 years following John Kindervag's invention of the concept, suddenly every security product and services vendor on the planet was offering a pathway to the zero trust promised land. There has been more marketing around ZT than for any prior cybersecurity product, technology or service. The outcome? Confusion, cynicism and outright rejection of ZT principles, based on misinformation and overly hyped vendor solutions that had nothing to do with zero trust.

It's a product, a service, a reference architecture, a strategy, a concept, a direction and a lifestyle. But, in reality, it is none of those things. Zero trust is a set of guiding principles for re-architecting networks and computing environments that reduces the overall attack surface, removes excessive trust, improves identity authentication, and monitors activity and behavior to discover anomalies before systems are breached. Zero trust leverages existing cybersecurity products, such as microsegmentation, identity access and application security, and it can be implemented in small chunks to incrementally improve an organization's security posture. This session dissects some of the zero trust myths.