Addressing the “trust” in Zero Trust
There was a time when trust was simple. You built walls, guarded the gates, and everyone inside those walls was trusted. Then the world changed.
The COVID-19 pandemic didn’t just disrupt business, it dissolved the perimeter. Overnight, work became borderless. Employees logged in from kitchens and cafés, from cities and villages. Every home turned into a branch office. Every device became a potential risk.
That moment redefined how the world thought about security. What had once been centralized and contained suddenly became distributed and dynamic. And in that uncertainty, Zero Trust became the rallying cry. Born out of crisis, Zero Trust offered clarity. “Never trust, always verify.” It was a philosophy forged in the chaos of remote work and relentless breaches, a way to rebuild control when control seemed lost.
And for some time, it saved us.
Zero Trust gave the industry discipline. It raised the floor. It made organizations more conscious of who they were letting in, what they were granting, and how that access was being used. It brought accountability to a space that had long relied on implicit trust. Gartner found that 63 percent of organizations worldwide have fully or partially implemented a Zero Trust strategy, yet for 78% of those, the investment represents less than 25% of their cyber budget, and for most, Zero Trust covers half or less of the environment and mitigates one-quarter or less of enterprise risk.
This is proof of how deeply the philosophy has reshaped enterprise security thinking. But it also did something else. It made us wary of ourselves.
We built systems that treated every user, every device, every access request with suspicion. We replaced walls with revolving doors, endlessly verifying, endlessly doubting. That doubt was necessary once. But no one can live forever in a state of suspicion. Not people, and not businesses.
The constant friction of authentication fatigue began to wear people down. It created compliance, but not confidence. It kept threats out, but it also kept trust out. According to Gartner, 62 percent of organizations expect their costs to rise, and 41 percent foresee greater staffing demands because of Zero Trust implementation. The burden is growing. So, the question now is not whether Zero Trust was wrong, it wasn’t. It was necessary. The question is whether it’s enough?
The age of Managed Trust
The next chapter of cybersecurity is not about refusing trust. It’s about managing it.
It’s about knowing who and what to trust, by how much, and when. Trust is not a weakness, it’s the foundation of everything that works. But it must be earned, measured, and adjusted, like light through a lens. Too much, and you blind yourself. Too little, and you see nothing at all.
Managed Trust is this balance. It takes what Zero Trust built and teaches it to breathe. It looks beyond entry-time checks and begins to ask harder, deeper questions:
What is this user’s history?
How does this identity behave over time?
Who has proven to be disciplined, reliable, and aware?
A manager who has worked in the same company for five years, using the same two devices and showing caution with access requests, has earned a different level of confidence than someone who’s been here for a year and approves everything that lands in their inbox.
Managed Trust understands that difference. It treats trust as a living signal, not a permanent state. It’s dynamic. It grows, adapts, and learns, integrating identity, behavior, and risk context to build a continuously evolving picture of who can be trusted, and to what extent.
Culture as the missing control
Zero Trust looked at networks. Managed Trust looks at people.
It measures behavior, learns from it, and in doing so, makes the organization stronger from within. When trust is managed, employees no longer feel like suspects. They become participants.
Security stops being a policing function and becomes a shared value. You cannot train people into security, but you can make them see that their behavior matters. And that’s what changes culture. A company that manages trust is not only safer, but also saner. It replaces paranoia with awareness and fear with partnership.
This cultural shift is the most underappreciated security control of all. Technology can enforce compliance, but only culture can sustain vigilance. Managed Trust makes that possible, it gives people a stake in security without drowning them in friction.
A more human future for security
Zero Trust will always have its place. It was the shield we needed when everything began to break. But Managed Trust is the conversation that follows, calmer, wiser, and more attuned to reality. It is security that understands business, and business that understands human nature. Security is no longer about walls or even about code. It’s about how we handle trust: who deserves it, how we measure it, and when we take it back. The future of cybersecurity is not about trusting less. It’s about trusting well, because trust isn’t binary, it’s earned, evolved, and managed.
Zero Trust made us safer. Managed Trust will make us stronger.
Nitaant Singh
Nitaant Singh is the Chief Product Marketing Officer (CPMO) at Cross Identity.
Next Article