Risky Bulletin

Sponsored: Why you're probably doing Zero Trust wrong

Oct 26, 2025
In this discussion, Adam Pointon, CEO of Knock Knock and an expert in Zero Trust architectures, critiques the trendy yet diluted understanding of Zero Trust. He explains that implementing multi-factor authentication (MFA) and single sign-on (SSO) alone does not amount to Zero Trust. The conversation highlights how just-in-time network access and nano-segmentation can effectively reduce security exposure. Adam stresses that to achieve real Zero Trust, organizations must go beyond basic authentication and include comprehensive network access control.
INSIGHT

Zero Trust's Original Focus Was Network Control

  • Zero Trust originally meant controlling network-level access tied to authentication, not just adding logins.
  • Patrick Gray and Adam Pointon argue that true network control has been sidelined by superficial fixes like SSO everywhere.
ANECDOTE

Demo: Just-In-Time Network Access To Lights Out

  • Patrick Gray describes using Knock Knock to SSO into an internal web app and get a temporary port to a Lights Out system.
  • He highlights that access expires after 30 minutes, demonstrating just-in-time network access in practice.
INSIGHT

Authentication Isn't The Whole Answer

  • The industry flipped Zero Trust into an authentication play, equating MFA and centralized identity with full security.
  • Adam Pointon warns this feels good but doesn't satisfy Zero Trust's original architecture goals.