As workers become more mobile and workloads move into the cloud, the traditional model of enforcing security at the network perimeter becomes ineffective.

A Zero Trust model of strict identity verification and access control for every user or device offers an alternative that secures data while ensuring it is accessible to those who need it.

Consequently, many organizations are looking to adopt a Zero Trust approach to security, especially in the post Covid era with more people working remotely and greater reliance on cloud computing.

However, adopting this security model can’t be done overnight. Organizations need to find the best route to implementing it, but most struggle to find the right solutions, to find the right people to deploy them, and even to grasp the basics of Zero Trust Architecture.

Zero Trust is tightly bound up with identity, access, and cloud, and therefore was a key topic at KuppingerCole’s 2021 European Identity and Cloud (EIC) conference this past week, with several sessions devoted to helping organizations begin or advance their journey to Zero Trust.

“The pandemic has dramatically changed how we work, shop, meet and learn, which means simple username and password credentials can no longer be part of this new world,” according to Gerhard Zehethofer of ForgeRock. He outlined the need to apply Zero Trust thinking to all identities in his EIC presentation on Applying Zero Trust to Humans and Things.

The “assume breach” mindset, is a key aspect of a Zero Trust, according to Yuval Moss of CyberArk, who highlighted the importance of taking this approach and underlined how Identity becomes central to this strategy in his EIC presentation on Why ‘Zero Trust’ is Driving an Identity Centric Security Strategy

The theme of Identity and Zero Trust was continued in the sessions on Identity in Zero Trust model by Anoop Mangla of Wipro; on Using Identity in a Zero Trust Architecture by Scott Rose of NIST; and on Security & Identity: How Hindsight Helps Us Plan for the Future by Max Faun of Okta, who examined whether Zero Trust is the way forward for an identity-centric secure future.

Eleni Richter of EnBw looked at Zero Trust Use Cases, Tom Whitney of iProov explained How Biometric Face Verification Enables Effortless IAM in a Zero Trust Environment, Bryan Meister of Verizon Media talked about Driving Business Value in the Enterprise with Zero Trust, while Peter Dulay of Broadcom discussed A Holistic Approach to PAM for the Shift to a Zero Trust Model, and a panel debated Why Identity User Experience Matters More Than Ever in a Zero Trust World.

Identity, access, and cloud featured throughout EIC 2021, starting with the opening keynote on Multi-Cloud Multi-Hybrid IT: How to Make your Digital Business Fly by Martin Kuppinger of KuppingerCole who explained how IT, IT Security, and Identity & Access Management need to evolve to make the digital business fly.

Zero Trust is a journey that begins with a long-term business strategy and focuses on a step-by-step implementation, using existing or readily available tools and technologies, while maintaining the continuity of business processes and avoiding adding even more complexity to the existing architecture

— Alexei Balaganski, Lead Analyst, KuppingerCole

Because we understand how important Zero Trust is and because we are committed to helping your business succeed, KuppingerCole has a great deal of content in a variety of formats available.


No matter where your organization is in the journey to Zero Trust, a good place to start is KuppingerCole’s Comprehensive Guide to Zero Trust Implementation. Whether you are looking for help on how to start or just to check you are on the right track, this guide is essential to any organization seeking to protect modern hybrid IT environments.


If you are still undecided about the value of pursuing a Zero Trust approach to security, find out how Zero Trust principles could have prevented some recent high-profile cyber-attacks in this presentation on Zero Trust for Reducing the Risks of Security Incidents by Matthias Reinwarth, Lead Advisor and Senior Analyst at KuppingerCole.

To find out what you need in terms of Identity Governance and Administration (IGA) and beyond to enable Zero Trust, watch this discussion by KuppingerCole’s analysts on the topic: No Zero Trust Without Strong IAM.

You can also listen to discussions by our analysts on a range of Zero Trust topics, including general topics such as Zero Trust as a Concept for Trust and Security, What Keeps Organizations From Adopting Zero Trust, What to Do and Where to Start, and why Zero Trust Means Zero Blind Spots.

There are also discussions on more specific topics such as Applying The Zero Trust Principle To The Software Supply Chain and NIST’s Zero Trust Architecture.


If you would prefer to read what our analysts have blogged about Zero Trust, choose from the following blogs about:

You can also have a look at some blog posts by guest bloggers on:


A good understanding of the barriers to Zero Trust implementation and the tools that can help is essential to enabling organizations to discover their best route to securing their environments and minimizing risk, according to Martin Kuppinger, Principal Analyst at KuppingerCole and Morey Haber, CTO & CISO at BeyondTrust.

These Zero Trust experts discuss the most important issues surrounding the implementation of this model of security in this webinar on Finding Your Path to Zero Trust

John Tolbert, Lead Analyst at KuppingerCole and Richard Meeus, EMEA director of security technology and strategy at Akamai discuss the benefits and challenges of authentication and authorization for every session in your environment on-prem and in the cloud, and examine the technological options in this webinar on Technological Approaches to a Zero Trust Security Model.


Implementing a Zero-Trust Architecture model requires a very comprehensive IAM infrastructure. To find out more about this, read this whitepaper on Identity Integration for Zero-Trust and Digital Transformation.

Tech Investment

Although Zero Trust is not a product or a technology, there are several related technology solutions that we have evaluated.