Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Security graphs and Zero Trust: what practitioners should change now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: Zero Trust has moved from a niche concept to a broad resilience strategy, with John Kindervag and Chase Cunningham arguing that security graphs now underpin better mapping, prioritisation, and containment, according to Illumio. The practical shift is away from compliance-driven alerting toward attacker-aware control of blast radius and transaction flow.

NHIMG editorial — based on content published by Illumio: Zero Trust has grown up and what its founders say comes next

By the numbers:

Questions worth separating out

Q: How should security teams implement Zero Trust when they cannot fully map all transactions yet?

A: Start with the protect surface, not the entire estate.

Q: Why do service accounts make zero trust harder to operationalise?

A: Service accounts often have broad, persistent access and are difficult to inventory across cloud and application layers.

Q: What do security teams get wrong about measuring Zero Trust programmes?

A: They often measure noise instead of governance.

Practitioner guidance

  • Map protect surfaces and transaction flows Identify the critical data, applications, services, and identity paths that attackers would target first.
  • Align identity governance with containment goals Review whether human accounts, service accounts, and workload identities are governed as one risk surface.
  • Prioritise blast-radius controls over alert volume Measure resilience by how far an attacker can move after the first foothold, not by the number of alerts generated.

What's in the full article

Illumio's full article covers the operational detail this post intentionally leaves for the source:

  • The full conversation with John Kindervag and Chase Cunningham on how they apply Zero Trust in practice.
  • The security graph discussion that explains how map quality changes prioritisation and containment decisions.
  • The podcast context on how teams can think like an attacker when defining protect surfaces and response goals.
  • The article's discussion of AI-assisted response and why machine-speed action still depends on human-defined policy.

👉 Read Illumio's discussion on how Zero Trust has matured into graph-driven containment →

Security graphs and Zero Trust: what practitioners should change now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

Security graphs are becoming the missing control plane for Zero Trust. The article is right to treat mapping as a foundational task because policy fails when teams cannot see the relationships that matter. In identity terms, this is especially relevant to NHIs, where service accounts and workload paths often evade traditional review processes. Practitioners should treat graph visibility as a control requirement, not a reporting feature.

A question worth separating out:

Q: What should organisations do before using AI to support incident response?

A: They should first reconcile who has access, who owns each account, and which permissions are still active. Without that baseline, AI may recommend the wrong containment step or miss the identities that matter most during a breach.

👉 Read our full editorial: Zero Trust has matured into graph-driven containment strategy



   
ReplyQuote
Share: