URL Source: http://soti.net/resources/blog/2023/zero-trust-security-model-myths-and-facts-zero-trust-soti/
Last Updated At: 2026-04-01 03:48:54 UTC
Description: The Zero Trust security model is growing in popularity, but there are still misconceptions about it. Here are four common myths about Zero Trust and the facts
Author: Oscar Rambaldini
Keywords: SOTI MobiControl, Microsoft
---
# The Zero Trust Security Model: Four Common Myths and Facts
by Oscar Rambaldini Mar 20, 2023
The concept of the Zero Trust security model was first coined in 2010, but global business adoption of Zero Trust has grown rapidly since [the pandemic](https://soti.net/lp/soti-commitment-during-covid-19/):
| | | |
| --- | --- | --- |
| **Asia Pacific (APAC)**
57% of businesses made Zero Trust a higher priority
20% of businesses made Zero Trust a new priority | **Europe/Middle East/Africa (EMEA)**
62% of businesses made Zero Trust a higher priority
14% of businesses made Zero Trust a new priority | **North America (NA)**
63% of businesses made Zero Trust a higher priority
11% of businesses made Zero Trust a new priority |
Source: [Statista](https://www.statista.com/statistics/1300231/covid-19-impact-on-zero-trust-by-region/)
Because there are several misconceptions surrounding Zero Trust, [SOTI](https://soti.net/) has put together a list of myths and facts to help provide clarity.
## **Myth 1: Zero Trust is a Product**
**Fact: The Zero Trust Security Model is a Strategy**
You cannot go into a store or to a vendor and ask to purchase Zero Trust. Instead, Zero Trust is a business strategy of assuming everything is a threat to your data or network security.
Basically, it means that anyone or anything trying to access a network – and the sensitive data contained within that network – must state their identity through authentication and authorization. They must prove who they are before access is granted. The Zero Trust strategy is based on three pillars:
| | | |
| --- | --- | --- |
| **Never Trust, Always Verify**
Actions and users are considered untrustworthy until proven otherwise. | **Least Amount of Privilege**
Give users the tools and access needed to complete their tasks and nothing more. | **Constantly Monitor**
Even after trust is granted, users, data and networks must always be monitored. |
There is no one-size-fits-all solution to Zero Trust. Organizations must examine security needs and business goals to implement the best, most effective Zero Trust security model possible.
## **Myth 2: Zero Trust Negatively Impacts Worker Productivity**
**Fact: Zero Trust Saves Time**
On the surface, the idea of never trusting anything or anyone sounds like it would slow things down. However, because a large part of the Zero Trust security model works “behind the scenes”, it enables workers to stay productive while keeping data safe.
Here’s an example using device deployments: In the Zero Trust security model, the assumption is every single device poses a threat to the organization and must be constantly monitored. But having IT check the devices on a regular basis brings productivity to a standstill for both end users and IT administrators.
A technology solution which supports a Zero Trust policy can constantly [monitor devices](https://www.soti.net/mc/help/v15.6/en/console/devices/monitoring/monitoring.html) to see if they are untrustworthy. If they are, that solution can take steps to make the devices trustworthy with little, if any, disruption to the end user.
Imagine a tablet or barcode scanner that is not up to date with the latest operating system (OS) or a mobile printer not using the latest firmware. Those devices could be considered untrustworthy. A solution that automatically updates the firmware and OS makes those devices trustworthy and, in turn, keeps workers productive. It’s truly a win-win.
### FOR FURTHER READING
[Three Reasons to Implement SOTI Identity Multi-Factor Authentication](https://soti.net/resources/blog/2021/three-reasons-to-implement-soti-identity-multi-factor-authentication/)
## **Myth 3: The Zero Trust Security Model Punishes Employees**
**Fact: Zero Trust is About Eliminating the Concept of Trust**
An organization deploying a Zero Trust security model isn’t saying its employees can’t be trusted. Rather, it is eliminating the concept of trust altogether.
One of the biggest, most impactful ways Zero Trust can help businesses and employees is by protecting them against phishing attacks. With hybrid or remote work being the norm, [data access is more important than ever](https://www.scmagazine.com/news/security-awareness/a-third-of-companies-dont-offer-cybersecurity-training-to-remote-workers). As a result, 74% of remote workers have access to critical data. However, 33% of remote workers have not received any kind of cybersecurity training. Here are [some of the results](https://www.cybertalk.org/2022/03/30/top-15-phishing-attack-statistics-and-they-might-scare-you/) of that lack of training:
| | | |
| --- | --- | --- |
| **83%**
of organizations had a phishing attack in 2021. Attacks grew by six billion in 2022. | **42%**
of workers opened an unknown link or file which may have appeared trustworthy. | **$4.65 million (USD)**
is the average cost to an organization of a data breach caused by a phishing attack |
Hackers prey on our trusting nature to trick people into clicking on a sketchy link, downloading a harmful file or sharing confidential information. The Zero Trust security model takes away the choice of whether to trust a link. It assumes an email, link or file is dangerous until it has been proven otherwise
That does not equate to saying “all employees are untrustworthy.” After all, what organization would willingly hire an employee they know to be untrustworthy? Instead, it removes the inherent trust that criminals are looking to exploit.
## **Myth 4: Zero Trust is Only for Large Organizations**
**Fact: Businesses of All Sizes Can Benefit from Zero Trust**
The Zero Trust security model is not exclusive to large organizations and it’s clear that small- and medium-sized businesses can benefit from it. Data breaches can have a [devastating impact on smaller businesses](https://www.strongdm.com/blog/small-business-cyber-security-statistics):
- 700,000 cybersecurity attacks to small businesses in 2020 alone
- $2.8 billion (USD) in lost revenue by small businesses due to security breaches
- 40% of small businesses lost crucial data during an attack
For small businesses (or any business regardless of [industry](https://soti.net/industries/soti-industries/)), implementing Zero Trust doesn’t have to break the budget. First, the Zero Trust security model is a mindset, not a singular product. Second, there are simple practices small businesses can utilize to achieve Zero Trust:
| | | |
| --- | --- | --- |
| **Password Protection**
Keep passwords safe by using password manager, changing passwords frequently and not using [123456 (the most hacked password)](https://privacysavvy.com/password/guides/most-hacked-passwords-worldwide/#:~:text=here’salistoftheworld’smosthackablepasswords:). | **Enable MFA**
[50% of small businesses have not implemented MFA](http://soti.nethttps//cybersecurity.att.com/blogs/security-essentials/how-a-small-business-can-achieve-zero-trust-security#:~:text=50%25ofcompanieshadnotimplementedmulti-factorauthentication,leavingtheirmostvaluableaccountsinadequatelyprotected), which leaves valuable data and information exposed to threats. | **Have Two Plans**
[47% of small businesses do not know how to protect themselves](http://soti.nethttps//openvpn.net/blog/zero-trust-for-smb/#:~:text=intheworld.-,47%25ofsmallbusinessesdon'tknowhowtoprotectthemselvesagainstcyberattacks.,-Butwhatabout) against an attack.
Businesses should plan for attack prevention and be prepared to stop attacks in progress. |
## **It’s a Zero Trust World**
Assuming devices and users have already been compromised and pose a threat to your business sounds alarmist, but it’s actually a smart business practice. It doesn’t mean implementing draconian measures or micromanaging employees. It’s simply a way of saying *“I need to be absolutely and constantly certain that a device or person requesting access to my data or network is safe to do so.”*
Adopting this mindset – and using [tools to help you achieve Zero Trust](https://soti.net/products/soti-one-platform/) – can help you [save up to 43% on data breach costs](https://www.teramind.co/blog/cost-saving-effect-of-zero-trust/#:~:text=fullydeployedzerotrustlowersbreachcosts). Even companies with a [partial Zero Trust security model can save $660,000 (USD) per breach](https://www.teramind.co/blog/cost-saving-effect-of-zero-trust/#:~:text=companieswithpartiallydeployedzerotrustsaved$660,000perbreach). If implementing Zero Trust can help you save thousands if not millions of dollars, well, it just makes sense to incorporate Zero Trust into your organization.
##### About Author
Oscar Rambaldini
VP, Product Marketing
##### Share on social media
[LinkedIn](http://soti.net/#linkedin "Share on LinkedIn")
[Twitter](http://soti.net/#twitter "Share on Twitter")
[Email](http://soti.net/#email "Share via Email")
##### Featured Posts
- [Why Off-the-Shelf Software Fails Frontline Teams & SOTI Snap Wins
Mar 26, 2026 | Shash Anand](http://soti.net/resources/blog/2026/rethinking-frontline-software-with-soti-snap/)
- [SOTI ONE: The Best Alternative to Cisco Meraki Systems Manager
Mar 24, 2026 | Rukhsh Khan](http://soti.net/resources/blog/2026/soti-one-your-alternative-to-cisco-meraki-systems-manager/)
- [Why Every Retailer Needs MDM for Retail POS Systems
Mar 19, 2026 | Jessica DellAquila](http://soti.net/resources/blog/2026/mdm-for-pos-systems-why-retailers-need-mobile-device-management/)
- [SOTI Pulse: Instant Answers & Total Confidence in Your Mobile Operations
Mar 19, 2026 | Deepinder Singh](http://soti.net/resources/blog/2026/discover-how-soti-pulse-can-accelerate-your-device-management/)
- [Unlocking SOTI MobiControl XS: Troubleshoot Network Issues Faster
Mar 12, 2026 | Shash Anand](http://soti.net/resources/blog/2026/how-to-keep-your-devices-connected-soti-mobicontrol-xs/)
##### Request a Demo of
The SOTI ONE Platform