惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
F
Fortinet All Blogs
博客园_首页
The GitHub Blog
The GitHub Blog
V
Visual Studio Blog
D
DataBreaches.Net
aimingoo的专栏
aimingoo的专栏
爱范儿
爱范儿
B
Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
N
Netflix TechBlog - Medium
阮一峰的网络日志
阮一峰的网络日志
P
Proofpoint News Feed
D
Docker
Engineering at Meta
Engineering at Meta
大猫的无限游戏
大猫的无限游戏
The Cloudflare Blog
罗磊的独立博客
云风的 BLOG
云风的 BLOG
Microsoft Azure Blog
Microsoft Azure Blog
T
The Exploit Database - CXSecurity.com
博客园 - 三生石上(FineUI控件)
量子位
The Last Watchdog
The Last Watchdog
MyScale Blog
MyScale Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
The Blog of Author Tim Ferriss
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
小众软件
小众软件
Cloudbric
Cloudbric
博客园 - 司徒正美
H
Help Net Security
人人都是产品经理
人人都是产品经理
Application and Cybersecurity Blog
Application and Cybersecurity Blog
L
LangChain Blog
Latest news
Latest news
M
MIT News - Artificial intelligence
T
Threat Research - Cisco Blogs
博客园 - Franky
S
Security Affairs
W
WeLiveSecurity
F
Full Disclosure
Know Your Adversary
Know Your Adversary
Google DeepMind News
Google DeepMind News
The Hacker News
The Hacker News
Cyberwarzone
Cyberwarzone
美团技术团队
PCI Perspectives
PCI Perspectives
C
Check Point Blog
Spread Privacy
Spread Privacy

WhatIs

Strategic IT outlook: Tech conferences and events calendar | TechTarget 8 AI use cases in manufacturing Enterprises are making an AI native transformation Generative AI ethics: 16 biggest concerns and risks How algorithmic value sets enhance clinical decision-making Top methods for collecting customer feedback Build a data governance team that delivers results How to calculate the total cost of ownership of ERP software Communities call for transparency in AI data center deals Scalable IT infrastructure: Balancing speed with stability How health systems are tackling 'Kill the Clipboard' obstacles Understanding the science behind AI-based hiring assessments Tape's strategic role in modern data protection How to choose an HR software system in 2026: A complete guide The UC stack gets the policy job Top zero-trust use cases in the enterprise 13 top IT infrastructure conferences in 2026 SNMP vs. CMIP: What's the difference? 3 essential network analytics use cases AI Security Risks Force CIOs to Rethink Strategy Red Hat Summit 2026 news and conference guide | TechTarget What is HR technology (human resources tech)? Understand, optimize and track customer journey touchpoints Should IT use Apple Business Manager without MDM? Build and organize an effective machine learning team The storage modernization imperative in a fast-changing IT landscape Procurement automation use cases for CSCOs to consider 3 steps for health system leaders to drive patient safety culture What is DevOps? Meaning, methodology and guide Enterprises Face New Storage Bottlenecks as AI Grows A guide to Intune Suite licensing for endpoint management Epic controls 42% of the US EHR market. Does that help or hurt interoperability? SAP Sapphire 2026 news, trends and analysis | TechTarget How to develop a data governance strategy: 7 key steps 12 generative AI tools for marketing and sales teams Top 9 smart contract platforms to consider in 2026 Top 8 e-signature software providers for 2026 Rise with SAP vs. S/4HANA Cloud: What are the differences? How businesses use KPIs to measure AI's performance 5 clues your network has shadow AI How do digital signatures work? Collaboration security and governance must be proactive Compare SAP greenfield vs. brownfield approach for S/4HANA Merck, Home Depot tap Gemini Enterprise for AI agent development Rural challenges may dampen digital healthcare's potential Build an ethical AI framework: 12 top resources The great workload reshuffle: Choices for AI and analytics How to remove a device from Intune enrollment Cisco unveils quantum network advancements 3 BYOD security risks and how to prevent them 10 of the top carbon accounting software 8 trends powering machine learning's dynamic new roles Network engineers must take the lead to push DDI to the cloud How does Microsoft 365 Copilot pricing and licensing work? ONC highlights behavioral health EHR adoption trends, data exchange barriers LLMs struggle with clinical reasoning, study finds Democratizing AI in business: The good, bad and ugly What can organizations do to address BYOD privacy concerns? Fix the service path before you optimize it with AI How AI reshapes upselling in customer experience platforms When collaboration starts becoming operational drag Balancing health AI management with growing vendor sprawl Career cure for AI phobia: Be a beekeeper, not a worker bee 16 top applicant tracking systems for 2026 How a rural community hospital deploys AI to detect heart disease 8 examples of document version control Guide to 30+ sustainability certifications for professionals AI agents are only as smart as the data that feeds them AI could earn trust in transactional work first How to fix keyboard connection issues on a remote desktop How to add and enroll devices to Microsoft Intune 11 DevSecOps best practices to prioritize in 2026 6 key components of a successful data strategy How to enable Copilot in Microsoft 365: A step-by-step guide What CIOs need to know about Meta's proposed CEO AI agent Top AI recruiting tools and software of 2026 How contact centers detect and prevent fraud 10 essential skills for modern contact center agents Beyond the chatbot: Engineering the agentic enterprise AI in business intelligence: How to manage it effectively Why legacy networks are a growing liability Failure is an option as an IT leadership tool How HR can create a successful change management strategy HR AI is becoming a change management story Digital transformation: Balancing speed and governance RSAC 2026 Conference: Key news and industry analysis | TechTarget 8 best practices for a bulletproof IAM strategy 5 customer journey phases businesses should understand 12 top HR software and tool options to consider in 2025 6 contact center trends shaping the future of customer service Contact center monitoring best practices for CX leaders Cloud vs. local backup: Which is right for your organization? 6 steps for when remote desktop credentials are not working How governance maturity affects M&A integration outcomes Inside the push to turn AI agents into suite functionality How should contact centers use AI today? Accenture global health lead on scaling AI in healthcare with governance and intent 10 best free DevOps certifications and training courses in 2026 What is compensation management? What CIOs must know about bossware strategy
Zero trust in the IT ops stack: Securing hybrid workloads
2026-05-07 · via WhatIs

Damon Garn

By

Published: 07 May 2026

As hybrid and multi-cloud infrastructures expand the attack surface, modern IT environments are moving beyond legacy, perimeter-based security to distributed, identity-centric models. This shift is driving increased convergence between security and IT operations responsibilities.

Zero-trust operations embed continuous verification and enforcement of least privilege access into business-critical workflows. For executive leaders, zero trust delivers tangible value in several ways:

  • Strengthening risk governance.
  • Reducing the blast radius.
  • Improving executive visibility.
  • Modernizing legacy architecture.
  • Improving resilience.
  • Aligning security with digital transformation and agility.
  • Enhancing auditability and compliance.

This article examines the role of zero-trust security in forward-looking enterprises. It includes an executive roadmap for directing this evolution.

Zero-trust security is not a product; rather, it's an essential operational model that is rapidly becoming a strategic imperative for enterprise security leadership. Before delving into the role of identity in zero trust, it's important to understand how traditional security approaches fail to address modern threats.

Identity as the foundation of zero-trust operations

Perimeter-based security establishes a clear network boundary and implements security controls within it. These controls assume that any entity within the environment could be trusted. Modern hybrid/remote workforces and evolving threat models render this approach obsolete.

Graphic depicting zero-trust vs. perimeter-based security.
Zero-trust security encompasses what traditional perimeter-based security protected, as well as remote employees, cloud workloads and more.

Instead, identity is the new security control plane, handling users, services, applications, automation and workloads. Here are some core operational practices:

  • Identity lifecycle management. Automate provisioning and deprovisioning, enforce multifactor authentication and regularly review access to prevent orphaned accounts and privilege creep.
  • Least privilege access. Apply fine-grained role-based access control (RBAC) and attribute-based access control (ABAC) policies based on context, and continuously audit permissions across hybrid environments.
  • Short-lived credentials and token-based access. Use ephemeral tokens and just-in-time access to minimize risk and eliminate standing privileges.
  • Centralized visibility. Unify identity data across on-premises, cloud and SaaS to monitor access, detect anomalies and enforce consistent governance.

Managing nonhuman identities is crucial. Service accounts, APIs and workloads represent a growing risk area, increasing the attack surface area for many organizations.

Operationalizing zero trust requires centralized visibility and management across all environments -- on-premises, remote and cloud -- to drive risk mitigation and governance. Automation supports these efforts, particularly in complex hybrid infrastructures.

Automating security policies across hybrid infrastructures

Enforcing consistent control across on-premises, remote and cloud deployments remains complex. Successful operations teams will transition from manual controls to scalable, policy-driven automation.

The following are key best practices:

  • Policy as code for version-controlled, auditable enforcement.
  • Automated compliance and continuous validation.
  • Infrastructure guardrails embedded in provisioning workflows.
  • Integration with infrastructure as code (IaC) tools to enforce security at deployment.

The benefits? IT operations will experience less configuration drift, faster incident remediation and scalable governance. However, zero trust extends beyond infrastructure to include CI/CD pipelines.

Securing CI/CD and the modern IT delivery pipeline

One often-overlooked attack vector involves the CI/CD delivery pipeline. The software supply chain -- whether entirely in-house or in tandem with external partners -- represents a new and high-value attack target. Securing delivery pipelines is a prime example of using zero-trust security models.

The following are key controls to consider:

  • Secrets management, including the use of vaults and dynamic secrets.
  • Signed artifacts and provenance tracking.
  • Restricted pipeline permissions and isolation.
  • Runtime verification and deployed artifact monitoring beyond CI/CD pipelines.

Enforcing least privilege access for developers and automation tools is non-negotiable. Executives must ensure that third-party developers and partner organizations adhere to the same rigorous security requirements as internal teams.

Visibility and continuous verification

Zero-trust security models require continuous monitoring. Implementing a zero-trust infrastructure means significant changes to IT practices, tooling and configuration management. It can't be a one-time project with a single validation check.

All elements of the architecture require observability, including access identities, workloads and network activity. Integrate tools that detect anomalies in access patterns and behavior, alerting security staff and launching automated incident response activities.

Continuous process evaluation enables agility and growth. This evaluation requires feedback loops between monitoring systems and policy enforcement. Tools must provide the necessary telemetry to improve the organization's security posture over time and to measure progress.

Operational roadmap for IT leaders

Plan for incremental adoption versus an organization-wide transformation. A realistic strategy that prioritizes scalability and governance enables the greatest success.

Use the following roadmap to establish and maintain a zero-trust architecture:

  • Step 1: Visibility. Inventory all identities -- human, service and machine -- then map workload access paths and identify overly permissive roles across hybrid environments.
  • Step 2: Prioritize critical assets. Classify sensitive systems, data and pipelines to focus zero-trust efforts where risk is highest.
  • Step 3: Enforce least privilege. Implement RBAC or ABAC, eliminate standing privileges and adopt short-lived credentials wherever possible.
  • Step 4: Introduce policy automation. Use policy as code and integrate with IaC pipelines to enforce guardrails consistently at deployment and runtime.
  • Step 5: Secure the delivery pipeline. Apply zero-trust controls to CI/CD, including secrets management, artifact signing and restricted execution environments.
  • Step 6: Continuously monitor and adapt. Feed telemetry into detection systems, refine policies based on behavior and automate remediation where feasible.
  • Step 7: Drive organizational alignment. Ensure security, IT operations and platform teams share ownership, metrics and tooling for sustained adoption.

Conclusion: From concept to operational discipline

Zero trust is no longer theoretical -- it's an operational discipline IT leaders must actively build into their environments. As hybrid and multi-cloud environments evolve, identity-driven, continuously verified access will define resilience.

Start small, automate relentlessly and integrate security into every workflow. Organizations that act now will be in the best position to adapt, scale and defend in an increasingly distributed and unpredictable threat landscape.

Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to Informa TechTarget, The New Stack and CompTIA Blogs.

Dig Deeper on IT systems management and monitoring