By definition, a zero trust security model advocates the creation of zones and segmentation to control sensitive IT resources. This also entails the deployment of technology to monitor and manage data between zones, and more importantly, user interactions within a zone(s). While zero trust has become a trendy catchword in IT, in practice, this model is generally impractical, or unrealistic to implement.The only successful zero trust implementations that have gone from marketing to reality are ones that baked zero trust in from day one. Typically, this is not something everyone can do unless they are embarking on a brand new initiative. For zero trust to be effective, it needs to consider not only the user, but the risks of the resources themselves. It does not.