When Access Point Consulting hosted a recent session with Fortinet, the conversation began with a simple question: if Zero Trust is now the expectation, why do so many organizations still struggle to achieve it?
Scott Pack, Sr. Director of Security Engineering at Access Point, and Joseph Iacovelli, Partner Cybersecurity Strategist at Fortinet unpacked this challenge with candor. Their discussion revealed that the barriers are less about technology itself and more about design—how businesses interpret and implement the philosophy behind Zero Trust.
Zero Trust has long been marketed as a set of tools: multi-factor authentication, micro-segmentation, identity-aware proxies.
Pack agreed. The principle requires organizations to treat every connection—internal or external—as unverified until proven otherwise. That means defining trust dynamically, in real time, and reducing assumptions at every layer of the network. It’s a mindset shift that forces leaders to look beyond perimeter security and start thinking in terms of continuous verification.
For both speakers, visibility was the hinge point. When systems and identities are fragmented across hybrid environments, it’s nearly impossible to enforce Zero Trust consistently.
Fortinet’s Secure Access Service Edge (SASE) approach addresses this by converging networking and security functions—creating one control fabric that extends from the cloud to the endpoint. Within Access Point’s APC Essentials service package, this aligns closely with how clients adopt Zero Trust incrementally. Pack emphasized that real-world implementation isn’t about flipping a switch; it’s about layering controls, prioritizing visibility, and iterating toward a defensible architecture.
Perhaps the most grounded part of the exchange was the acknowledgment that people—not platforms—make or break Zero Trust. Policies that are too rigid can disrupt productivity, while weak enforcement undermines the whole model.
Cybersecurity succeeds when it works with human behavior, not against it.
As the conversation closed, both experts agreed that Zero Trust isn’t an endpoint—it’s a framework for continuous improvement. The organizations that will thrive aren’t the ones chasing every new acronym but those investing in visibility, automation, and cross-team collaboration.
In that sense, the future of Zero Trust looks a lot like the present challenge: designing security that adapts as fast as the threats it’s meant to stop.
Resources
