Is Zero Trust Actually Working? The Real Story


According to Computerworld, security expert Morey Haber from BeyondTrust recently broke down why zero trust security frameworks are facing adoption challenges despite their importance. In a Today in Tech episode with host Keith Shaw, Haber explained that the issue isn’t with zero trust itself but with how businesses are implementing it. The discussion covered everything from vendor overhype to the critical role of identity management in making zero trust work effectively. Haber also addressed how lateral movement prevention and compliance frameworks like HIPAA and PCI fit into the zero trust picture. With AI agents becoming more prevalent, he argued that zero trust is actually more relevant than ever for modern security needs.


The Vendor Hype Machine

Here’s the thing about zero trust – every security vendor under the sun claims they’ve got the magic solution. But as Haber points out, that’s probably part of the problem. When every product from your antivirus to your coffee maker claims “zero trust capabilities,” what does that even mean anymore? Companies are buying tools thinking they’re checking the zero trust box, but they’re really just adding more complexity without actually changing their security posture. It’s like buying a fancy lock but leaving your front door wide open.

Identity Is Everything

So what’s the core issue? Basically, organizations are focusing on the wrong things. They’re buying perimeter tools and network segmentation products while ignoring the most critical piece: identity. In a true zero trust world, it doesn’t matter where you’re connecting from – what matters is who you are and what you’re allowed to access. The lateral movement problem Haber mentioned? That’s what happens when you don’t get identity right. An attacker gets one credential and can hopscotch through your entire network because you’re still trusting internal connections.

AI Changes Everything

Now here’s where it gets really interesting. With AI agents becoming part of our daily workflows, the traditional security model is completely broken. How do you apply zero trust to non-human entities that need access to sensitive data? Haber’s right that this makes zero trust more relevant, not less. But it requires thinking about authentication and authorization in completely new ways. If your zero trust strategy doesn’t account for AI-driven access patterns, you’re already behind the curve.

Practical Steps Forward

Look, the compliance angle is actually helpful here. Frameworks like HIPAA and PCI force you to think about data access in zero trust terms whether you call it that or not. The key is starting with your most critical data and working backward – who needs access, under what conditions, and for how long? Instead of buying another “zero trust solution,” maybe just map your existing access controls and see where the trust assumptions are too broad. Sometimes the most advanced security strategy is just doing the basics consistently well.
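The mapping exercise described above can be started with a short script. This is an added example, not something from the article or from Haber; the grant records, field names, group names and condition labels are all constructed assumptions standing in for whatever your identity or access system exports.

```python
from datetime import date

# Constructed sample grants; every name and value here is hypothetical.
GRANTS = [
    {"principal": "svc-billing-agent", "kind": "ai_agent", "resource": "cardholder-db",
     "criticality": 3, "conditions": ["source_ip_internal"], "expires": None},
    {"principal": "*", "kind": "human", "resource": "patient-records",
     "criticality": 3, "conditions": ["mfa"], "expires": date(2030, 1, 1)},
    {"principal": "alice", "kind": "human", "resource": "patient-records",
     "criticality": 3, "conditions": ["mfa", "managed_device"], "expires": date(2030, 1, 1)},
    {"principal": "bob", "kind": "human", "resource": "wiki",
     "criticality": 1, "conditions": [], "expires": None},
]

# Conditions that only prove where a request comes from, not who is making it.
LOCATION_ONLY = {"source_ip_internal", "on_vpn", "office_network"}

def findings(grant, today):
    """Return the over-broad trust assumptions found in one grant."""
    out = []
    if grant["principal"] in ("*", "everyone", "all-staff"):
        out.append("who: grant is not tied to a named identity")
    conds = set(grant["conditions"])
    if not conds:
        out.append("conditions: access is unconditional")
    elif conds <= LOCATION_ONLY:
        out.append("conditions: network location is the only check")
    if grant["expires"] is None:
        out.append("how long: grant never expires")
    elif grant["expires"] < today:
        out.append("how long: grant is past its expiry but still present")
    if grant["kind"] != "human" and grant["expires"] is None:
        out.append("non-human identity holds standing access")
    return out

def audit(grants, today):
    """List (criticality, principal, resource, findings), most critical data first."""
    rows = [(g["criticality"], g["principal"], g["resource"], findings(g, today))
            for g in grants]
    rows = [r for r in rows if r[3]]
    return sorted(rows, key=lambda r: (-r[0], -len(r[3])))

if __name__ == "__main__":
    for crit, who, res, issues in audit(GRANTS, date(2025, 1, 1)):
        print(f"[criticality {crit}] {who} -> {res}")
        for issue in issues:
            print(f"    {issue}")
```

The output is ordered so the grants on the most critical data, with the most unanswered questions, are reviewed first.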
