Zero trust is a posture, not a product. Five enterprises explain why.
Zero trust programmes struggle when organisations buy a product and expect the posture to follow. The enterprises making progress are treating zero trust as a coordinated shift across identity, network design, workload access, telemetry, and the daily habits of operators and developers.
The posture shifts only when controls and behaviours reinforce each other.
The enterprises we studied all began with sensible intentions: stronger identity, better segmentation, tighter device control, or improved telemetry. The programmes accelerated only when those changes were linked into a coherent access model and operational playbook rather than pursued as separate security projects.
Zero trust became real when users, engineers, and security teams could understand who should access what, from where, under which conditions, and with what evidence. That required policy clarity, better asset understanding, and a response model able to act on the telemetry being collected.
No layer carries the posture alone. Identity, access context, segmentation, and response habits have to reinforce one another in daily operations.
What the five enterprises were consistent about.
Identity is the foundation but not the finish line
Stronger authentication and role design improved risk posture quickly, but the real gains appeared when identity signals shaped network and workload policy decisions.
Segmentation only works when teams know what they are segmenting
Application dependency mapping and business-context tagging were essential; otherwise microsegmentation became a source of outages and policy confusion.
Telemetry without action creates fatigue
Enterprises generated better detection data, but value only improved when response playbooks, ownership, and escalation rights were updated to use it.
Developers and operators need a usable access model
Programmes stuck when security policy felt arbitrary. They moved faster when access paths, exceptions, and break-glass routines were understandable and measurable.
How to turn the idea into a posture.
Create a decision model for access
Define how identity, device state, network context, and workload sensitivity combine to grant, step up, or deny access.
Map the assets and dependencies that matter most
Start with critical applications and operational flows where better access control materially reduces exposure.
Rework break-glass and exception handling
Emergency access, supplier support, and privileged maintenance routines must be part of the posture, not hidden side doors.
Connect telemetry to response ownership
Detection rules, triage workflows, and remediation actions need named owners and rehearsed operating paths or the data will not change behaviour.
Where enterprises are seeing posture gains first.
Privileged access is becoming more explicit and reviewable
Enterprises are shrinking standing privilege and making elevated access easier to trace and challenge.
Lateral movement risk is being reduced in critical zones
Clearer segmentation and better workload context are narrowing the blast radius of credential compromise or device drift.
Security operations are getting better signals to act on
Teams that tie access context to detection logic are improving prioritisation and reducing noisy investigation loops.
Zero trust becomes real when access decisions stop being assumptions and start being explicit, contextual, and observable.Kenji Sato - Cybersecurity & Resilience Lead, Tata Consulting Services
Explore adjacent insights from the same research stream.
The AI Premium: where leaders are seeing returns, and where they aren't.
Our 12th annual CEO study shows how AI value is concentrating, what separates the 14% pulling away, and the portfolio decisions that create durable returns.
PerspectiveBeyond the pilot: what it actually takes to put GenAI into production.
A field guide drawn from 340 enterprise GenAI deployments on the controls, operating choices, and release patterns that move use cases from pilot to production.
Point of viewThe next operating model: small teams, large autonomy, AI in the loop.
A framework for reorganising IT and operations around small outcome teams, shared platforms, and AI-assisted execution without recreating old handoffs.