Analyst Reports

Explore the Gartner Report: Zero Trust Is an Initial Step on the Roadmap to CARTA

Explore this report to make an informed approach towards making Zero Trust Networking a reality.


Gartner sees "customer interest in and vendor marketing of a “zero trust” approach to networking are growing. It starts with an initial security posture of default deny. But, for business to occur, security and risk management leaders must establish and continually assess trust using Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA) approach."*

As the value of legacy network “inside versus outside” (also referred to as north/south) perimeters decreases, new approaches to creating network trust are needed. This doesn’t mean perimeters go away. The hype around “perimeterless” networks is misguided as there will actually be an increase — not a decrease — in the number of demarcation boundaries of trust. Perimeters should become more granular and shift closer to the logical entities they are protecting — notably the identities of users, devices, applications and workloads (including networked containers in microservices architectures). This is why the phrase “identity is the new perimeter” is so widely used. This shift applies both for network connectivity from within the hybrid data center and for external network access to our enterprise systems and applications.

  • Zero trust networking starts with a security posture of default deny. Trust is assessed at the initiation of network connectivity. But, the term zero trust is a misnomer, as inevitably trust needs to be extended for the work of digital business and government to get done.
  • Zero trust projects target networking (microsegmentation and software-defined perimeters) because of excessive implicit trust in network connectivity and limitations of perimeter security.
  • Perimeters will actually increase in number, becoming more granular and shifting closer to the logical entities they protect — the identities of users, devices, applications, data and workloads.
  • A CARTA strategic approach expands zero trust networking by assessing risk/trust continuously throughout the duration of the network interaction, adapting as needed. Further, CARTA extends these adaptive risk/trust assessments beyond networking to all information security processes.
  • Excessive trust, like excessive risk, represents waste and a latent cost to the organization. Excessive trust, like excessive risk, represents waste and a latent cost to the organization. Continuously assessing risk/trust and adapting leads to lean trust, not zero trust.


*Gartner, Inc., Zero Trust Is an Initial Step on the Roadmap to CARTA, December 10, 2018, Neil MacDonald. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.   Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


About Pulse Secure

Pulse Secure provides easy, comprehensive software-driven Secure Access solutions for people, devices, things and services that improve visibility, protection and productivity for our customers. Our suites uniquely integrate cloud, mobile, application and network access to enable hybrid IT in a Zero Trust world. Over 23,000 enterprises and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.