Operant AI announced the launch of MCP Gateway, an expansion of its flagship AI Gatekeeper™ platform, that delivers comprehensive security for Model Context Protocol (MCP) applications.
It's Not About the Perimeter Anymore: Getting Started with Zero Trust
April 07, 2021
Organizations need to show agility in the face of ever-changing economic, social, governmental, regulatory, and technology disruptions. Today, in the near post-COVID world, we can work, learn, and socialize from anywhere. The enterprise boundary has been extended beyond the DMZ to the cloud and to your home. This means we can't have a network perimeter-centric view of security anymore; instead, we need to securely enable access for the various users (employees, partners, contractors, etc.) regardless of their location, device, or network.
What is Zero Trust?
Zero Trust is a concept coined by John Kindervag in 2010 during his time as Principal Analyst for Forrester Research. A Zero Trust model replaces perimeter-centric security architecture. It ensures that security and access decisions are dynamically enforced based on identity, device, and user context. Zero Trust starts with a security posture of "deny by default," meaning organizations should not trust any entity inside or outside their network perimeter at any time.
How to Start
How do you go about adopting Zero Trust in your organization? Here are the key steps:
Tie to business
Avoid using "Zero Trust" as a term to justify security investments to business stakeholders. Talk about how adopting Zero Trust will enable new digital business, cloud, and mobile initiatives. You're here to enable the business not hinder it. Talk about the end state where you have established Zero Trust and you're continuously assessing risk and trust that will adapt to the changing context — no business leaders want to be associated with SolarWinds-type headlines.
Choose the right project or initiative
Zero Trust can be difficult and time-consuming to set up. To get started, look for applications or networks that you don't run inside your managed perimeter or data center. For instance, those might be applications that are hosted or supplied by cloud providers. Inside your managed perimeter you will find systems of record that are slow and difficult to change. Outside, you'll find there are systems of innovation not burdened by legacy architecture, making them easier to change.
Start small
Don't expect to Zero Trust your entire enterprise all at once — this is next to impossible and will fail. You'll need time to consider and plan how to segment data and applications, verify devices and users, gain end-to-end visibility of your entire enterprise, and wrangle legacy systems. Start small with an access scenario where the Zero Trust model will generate the biggest value. Do this as quickly as possible. Prove out the model, show some success, and start your stakeholders along the journey.
Learn from others
The security vendors used in your enterprise will offer advice on Zero Trust. There are also federal recommendations: The National Institute of Standards and Technology (NIST) provides a guide with general deployment models and use cases where Zero Trust could improve overall information technology security posture. Analyst firms regularly provide guidance on the concept. Gartner's point of view is called Continuous Adaptive Risk and Trust Assessment (CARTA).
User experience
Consider the user experience as well as security. Workforce habits are changing, and this change accelerated during COVID. People expect ease of access, whether they're using a cloud-based service or "internal" data. Traditional tools like VPNs are clunky and frustrating to use. With many new perimeters to secure, and boundaries that have become ephemeral and nebulous, you should aim to make it easy for users to access with appropriate guardrails.
Technical Steps
After you identify the small project or initiative to start with and have a plan in place, it's time to turn to the technology side of Zero Trust:
■ First and foremost, educate your employees on risk.
■ Avoid punching holes in your perimeter with a VPN. Provide your users with application-only access, not network access. Only grant access to the applications users' need for their role. Base this access on entitlement, user identity, device posture, authentication, and authorization.
■ Figure out the right Identity and Access Management for your organization. MFA is mandatory, and the core technology for Zero Trust.
■ Isolate your network infrastructure from the internet — the safest machine in the world is a disconnected one. Know how to distinguish between managed and unmanaged devices connecting to your network.
■ Enable threat protection on incoming traffic, invest in Layer 7 proxies for establishing trust and verifying content (API Management, WAF, etc.).
■ Proactively monitor network and application access activity logs to detect anomalies.
Prepare and Practice
Breaches happen, and mistakes will be made. How ready is your incident response process? Have you tested it with a game-day scenario? Remember that implementing a Zero Trust approach to security in your organization is not a one-time event: continuously evolve your security posture to meet an ever-changing landscape.
Industry News
June 12, 2025
Oracle has expanded its collaboration with NVIDIA to help customers streamline the development and deployment of production-ready AI, develop and run next-generation reasoning models and AI agents, and access the computing resources needed to further accelerate AI innovation.
June 12, 2025
Datadog launched its Internal Developer Portal (IDP) built on live observability data.
June 12, 2025
Azul and Chainguard announced a strategic partnership that will unite Azul’s commercial support and curated OpenJDK distributions with Chainguard’s Linux distro, software factory and container images.
June 11, 2025
SmartBear launched Reflect Mobile featuring HaloAI, expanding its no-code, GenAI-powered test automation platform to include native mobile apps.
June 11, 2025
ArmorCode announced the launch of AI Code Insights.
June 11, 2025
Codiac announced the release of Codiac 2.5, a major update to its unified automation platform for container orchestration and Kubernetes management.
June 10, 2025
Harness Internal Developer Portal (IDP) is releasing major upgrades and new features built to address challenges developers face daily, ultimately giving them more time back for innovation.
June 10, 2025
Azul announced an enhancement to Azul Intelligence Cloud, a breakthrough capability in Azul Vulnerability Detection that brings precision to detection of Java application security vulnerabilities.
June 10, 2025
ZEST Security announced its strategic integration with Upwind, giving DevOps and Security teams real-time, runtime powered cloud visibility combined with intelligent, Agentic AI-driven remediation.
June 09, 2025
Google announced an upgraded preview of Gemini 2.5 Pro, its most intelligent model yet.
June 09, 2025
iTmethods and Coder have partnered to bring enterprises a new way to deploy secure, high-performance and AI-ready Cloud Development Environments (CDEs).
June 09, 2025
Gearset announced the expansion of its new Observability functionality to include Flow and Apex error monitoring.
June 05, 2025
Check Point® Software Technologies Ltd. announced that U.S. News & World Report has named the company among its 2025-2026 list of Best Companies to Work For.
June 05, 2025
Postman announced new capabilities that make it dramatically easier to design, test, deploy, and monitor AI agents and the APIs they rely on.
