Explore the Gartner Report: Zero Trust Is an Initial Step on the Roadmap to CARTA

Explore this report to take an informed approach to making Zero Trust Networking a reality.

Gartner sees "customer interest in and vendor marketing of a “zero trust” approach to networking are growing. It starts with an initial security posture of default deny. But, for business to occur, security and risk management leaders must establish and continually assess trust using Gartner’s CARTA approach."*

As the value of legacy network “inside versus outside” (also referred to as north/south) perimeters decreases, new approaches to creating network trust are needed. This doesn’t mean perimeters go away. The hype around “perimeterless” networks is misguided as there will actually be an increase — not a decrease — in the number of demarcation boundaries of trust. Perimeters should become more granular and shift closer to the logical entities they are protecting — notably the identities of users, devices, applications and workloads (including networked containers in microservices architectures). This is why the phrase “identity is the new perimeter” is so widely used. This shift applies both for network connectivity from within the hybrid data center and for external network access to our enterprise systems and applications.

  • Zero trust networking starts with a security posture of default deny. Trust is assessed at the initiation of network connectivity. But, the term zero trust is a misnomer, as inevitably trust needs to be extended for the work of digital business and government to get done.
  • Zero trust projects target networking (microsegmentation and software-defined perimeters) because of excessive implicit trust in network connectivity and limitations of perimeter security.
  • Perimeters will actually increase in number, becoming more granular and shifting closer to the logical entities they protect — the identities of users, devices, applications, data and workloads.
  • A CARTA strategic approach expands zero trust networking by assessing risk/trust continuously throughout the duration of the network interaction, adapting as needed. Further, CARTA extends these adaptive risk/trust assessments beyond networking to all information security processes.
  • Excessive trust, like excessive risk, represents waste and a latent cost to the organization. Continuously assessing risk/trust and adapting leads to lean trust, not zero trust.


*Gartner, Inc., Zero Trust Is an Initial Step on the Roadmap to CARTA, December 10, 2018, Neil MacDonald. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.