Tailscale says Zero Trust is broken, and that might be a good thing

Zero Trust has been a buzzword at every enterprise tech conference for years (only recently being replaced with AI), but Tailscale’s new State of Zero Trust 2025 report makes it clear that most organizations still have no idea what it means or how to do it. They surveyed 1,000 IT, security, and engineering leaders. Only 1% of those surveyed said they’re happy with their current access setup. That stat says a lot about the confusion in the marketplace. Some of my favorite gear eufyCam 2C Upgrade your home security with wireless cameras that includes HomeKit compatibility. “Security and productivity shouldn’t be at odds,” said Avery Pennarun, CEO of Tailscale. “When developers, engineers, and IT all say the current system is broken, and worse, start working around it, that’s a sign the tools need to change, not the people. Zero Trust can solve this, but only if it’s actually implemented as a strategy, not just used as a buzzword.” What is Zero Trust? Zero Trust became a topic for IT teams when Google presented its BeyondCorp concept many years ago. Zero Trust, as a concept, was a mindset shift in how organizations approached security. Instead of assuming everything inside the network is safe, Zero Trust starts with the idea that nothing is trusted by default. Every user, device, and app has to prove it belongs, every time. For Apple IT teams, that means thinking differently about how you manage identity, access, and device health across macOS, iOS, and iPadOS. It is not about locking everything down, but a focus on only allowing access to what is needed when it is needed. As remote work and mobility have become more common, this concept has somewhat become the defacto. What is wrong with Zero Trust? The problem is not Zero Trust as a strategy, but rather how it’s implemented. According to Tailscale’s report, most organizations say they are on a Zero Trust journey, but less than 33% have the basics in place. That checklist of things includes things like verifying identity, enforcing least privilege, and moving away from legacy VPNs. A lot of access models today are still tied to IP addresses, firewall rules, or static permissions. 83% of those surveyed admit they have worked around their company’s security controls just to stay productive. One of the most alarming stats in the report is that 68% of those surveyed said former employees still had access to company systems (something I discussed a few weeks ago). Why this matters for Apple IT If you are managing Apple devices, the direction is already clear. I said it back in 2012 as my major prediction for enterprise IT. Identity is at the center of everything, and it’s clear Apple is leaning towards this. With features like Platform SSO, Apple is giving IT teams the tools to build smarter access policies that work wherever users are, but it’s important that IT teams consider the entire journey of hardware, OS, SaaS apps, cloud services, and more. Zero Trust isn’t broken, but we all probably need to dial in on the end goal. Some of my favorite gear Abode Home Security System Abode is the best home security system and includes compatibility with HomeKit. You can download the entire report here.