Is Zero Trust Actually Failing Us?

According to Computerworld, BeyondTrust Chief Security Advisor Morey Haber recently discussed why zero trust security implementations are struggling despite the concept’s importance. During the Today in Tech podcast with host Keith Shaw, Haber explained that zero trust isn’t actually failing – businesses are simply implementing it incorrectly due to overhyped vendor claims and fundamental misunderstandings. The conversation covered critical aspects including identity management, lateral movement prevention, AI agent security implications, and compliance frameworks like HIPAA and PCI. Haber emphasized that zero trust remains more relevant than ever in today’s AI-driven security landscape, offering practical implementation advice drawn from his experience as a cybersecurity author and advisor.

The zero trust reality check

Here’s the thing about zero trust – everyone’s talking about it, but hardly anyone’s doing it right. Vendors have turned it into this magical buzzword that solves everything, when really it’s just common sense security principles dressed up in fancy terminology. I mean, think about it – shouldn’t we have been verifying everything by default all along?

The problem isn’t the concept itself. It’s that companies hear “zero trust” and think they can just buy a product that solves their security problems. But zero trust isn’t a product – it’s a strategy. And strategies require actual work, not just writing checks to vendors. Haber’s absolutely right that identity has become the new perimeter, but are companies actually treating it that way?

Where companies keep going wrong

So what’s the main failure point? Basically, organizations focus on the wrong things. They’ll implement multi-factor authentication and call it zero trust, completely missing the lateral movement protection and continuous verification aspects. It’s like putting a fancy lock on your front door but leaving all the windows wide open.

And then there’s compliance. Companies implement zero trust-ish solutions just to check boxes for HIPAA or PCI, without actually understanding how these controls should work together. Compliance does not equal security – we’ve known this for years, yet businesses keep making the same mistakes. The real value comes when you stop treating zero trust as a compliance exercise and start treating it as a fundamental security philosophy.

Why AI changes everything

Now with AI agents in the mix, zero trust becomes even more critical. These systems move fast and make decisions autonomously – if they’re not properly constrained by zero trust principles, we’re looking at potential disaster scenarios. But are security teams even thinking about this?

Haber’s perspective that zero trust is more relevant than ever seems spot on. The traditional security perimeter disappeared years ago, and AI is just accelerating that trend. The companies that actually understand zero trust – not just the vendor hype version – will be the ones that survive the next wave of security challenges. Everyone else? Well, let’s just say the breach reports will be interesting reading.
