Page 77 - Cyber Defense eMagazine September 2025
P. 77
Zero Trust: What Cybersecurity Experts Can Learn from
Prisons
By Nick Kathmann, CISO, LogicGate
Just a few years ago, “Zero Trust” was the hottest buzzword in cybersecurity. In fact, it became so hot
that every vendor wanted to use it—whether their solution adhered to Zero Trust principles or not. The
result? The power of Zero Trust was significantly diluted. The term was manipulated by marketers and
came to mean different things for different scenarios, creating confusion in the market and leaving
customers uncertain about what Zero Trust actually means and whether it applied to them. Slapping the
“Zero Trust” label on every security solution probably helped push product in the short term—but in the
long term, it eroded confidence in Zero Trust principles themselves.
So, let’s clear it up with a simple analogy. Zero Trust is, basically, mirroring prison facility architecture.
Zero Trust principles state that risk leaders should be designing their architectures with the goal of
reducing the potential blast radius of a security incident. That requires tactics like micro segmentation,
along with a strict and continuous approach to identity validation and data access privileges. High-security
prisons are built on that same Zero Trust concept: access to the facility itself is extremely restricted, and
even once inside, there are numerous security checkpoints, access barriers, and other safeguards
designed to limit unauthorized movement or activity. Leaving one cell doesn’t immediately grant access
Cyber Defense eMagazine – September 2025 Edition 77
Copyright © 2025, Cyber Defense Magazine. All rights reserved worldwide.
