Wednesday, 1 October 2025
Traditionally, IT security has operated with a perimeter-based logic, comparable to a fortress: the firewall serves as the outer wall, and once “inside,” users are implicitly trusted and free to roam throughout the network.
Zero Trust - literally “trust zero,” never trust by default, always verify - flips this logic on its head. Every access, every resource, and every action is checked, even within the network. It’s like placing a guard at every door of the castle.
This approach is built on four founding principles:
In the 1990s, several researchers and security practitioners began questioning implicit trust inside the network. In 2004, the Jericho Forum introduced the concept of “de-perimeterization,” anticipating a world where cloud and mobility would blur the boundaries between organizations and the outside.
In 2009, Google launched the BeyondCorp project (published in 2014), implementing a “perimeterless” architecture. The following year, John Kindervag, an analyst at Forrester Research, formalized Zero Trust, giving it a clear framework and helping spread the concept.
Today, Zero Trust has been taken up by major corporations and recommended by government agencies such as NIST in the United States, ANSSI in France, and NCSC in the United Kingdom.
According to Gartner, 63% of companies and organizations worldwide have already implemented a Zero Trust strategy. However, in most cases, this strategy only covers part of the infrastructure.
That’s because Zero Trust is not an out-of-the-box tool you simply install - it’s a rigorous security posture that is complex to implement.
It requires modernizing outdated infrastructures, deploying and integrating multiple advanced solutions into existing systems, and training employees in new practices.
The necessary investments may sometimes seem disproportionate compared to a still underestimated threat. In addition, some executives resist having their own access privileges restricted.
But things are changing. Increasing regulatory pressure is imposing stricter standards for data protection. At the same time, the growing maturity of solutions - more integrated, automated, and compatible with existing environments - is making Zero Trust more accessible.
As a result, the adoption of Zero Trust is clearly underway. For many companies, the question is no longer “Should we implement this principle?” but rather “How quickly can we get there?”