TL;DR: Only 2% of organisations have fully achieved Zero Trust maturity across all pillars, while 88% of CISOs report major implementation challenges and nearly 70% of leaders still consider microsegmentation essential, according to Zero Networks. Continuous east-west visibility becomes the practical constraint on enforcement, not the policy concept itself.
NHIMG editorial — based on content published by Zero Networks: How Real-Time Network Visibility Enables Automated Zero Trust Enforcement
By the numbers:
- Roughly 86% of organizations say they’ve started adopting Zero Trust security, but only 2% have fully achieved maturity across all its pillars.
- 88% of CISOs say they’ve experienced significant challenges in their attempts to implement Zero Trust.
- 70% of security leaders agree that microsegmentation is, ation is very important or essential for achieving Zero Trust.
Questions worth separating out
Q: How should security teams implement microsegmentation without breaking production traffic?
A: Start with live east-west traffic data, not a guessed network map.
Q: Why does stale network visibility weaken Zero Trust enforcement?
A: Zero Trust depends on current knowledge of what communicates with what.
Q: How do you know if microsegmentation controls are actually working?
A: Look for fewer unmanaged communication paths, fewer manual exceptions, and a policy baseline that stays aligned as the environment changes.
Practitioner guidance
- Build segmentation from live east-west telemetry Use continuously observed communication data to define what should be allowed between workloads, then review exceptions against that live baseline instead of a static map.
- Simulate every policy before enforcement Require staged testing against real traffic so teams can see which business connections would break before a rule is deployed.
- Track policy drift as a control failure Measure how often segmentation rules need manual exception handling, because repeated exceptions usually mean the underlying behaviour baseline is stale.
What's in the full article
Zero Networks' full article covers the operational detail this post intentionally leaves for the source:
- The step-by-step discovery and grouping workflow used to build the real-time network baseline.
- The simulation and staged-enforcement process for validating policy before rollout.
- The operational model for continuous adaptation as assets and communication paths change.
- The vendor’s identity-driven segmentation implementation details across on-prem, cloud, IoT/OT, and Kubernetes environments.
👉 Read Zero Networks' analysis of real-time visibility and Zero Trust microsegmentation →
Microsegmentation without live traffic data: what IAM teams should watch?
Explore further
Real-time enforcement has become the missing control plane for Zero Trust. Static policy snapshots cannot keep pace with modern hybrid estates, and that creates a governance gap between declared intent and actual enforcement. The article is right to frame visibility as an input to control rather than a reporting artifact. For practitioners, the implication is clear: Zero Trust programs must measure whether policy reflects live behaviour, not whether a dashboard exists.
A question worth separating out:
Q: What should teams do when segmentation policies conflict with business operations?
A: Treat the conflict as a signal to improve traffic data quality and policy granularity, not as proof that segmentation cannot work. Simulate the rule, identify the exact dependency, and adjust the policy based on observed behaviour. The goal is to remove only unnecessary paths while preserving legitimate ones.
👉 Read our full editorial: Real-time network visibility is the missing input for microsegmentation