Zero Trust has long been more than just an IT buzzword – it is becoming the new security standard in a digitally connected world. 2025 will be all about pragmatic implementation: companies of all sizes will rely on identity-centred strategies, automated protection mechanisms and integrated platforms to effectively manage security risks. In this interview, Mike Majunke, Solutions Engineer at Cloudflare, explains why now is the right time to get started – and how SMEs in particular can avoid typical pitfalls.
What developments do you see for Zero Trust in 2025?
Zero Trust will evolve from a strategic buzzword to a lived security standard in 2025. More and more companies are realising that traditional perimeter security is no longer enough – especially with hybrid working models and cloud-first architectures. The focus is shifting noticeably towards identity- and context-based access decisions. At the same time, the need for consolidated platforms is growing because the fragmentation caused by too many individual solutions is increasingly becoming a burden for companies. The most important trend: Zero Trust is becoming more pragmatic, more tangible – and therefore also more widely realisable.
Why do small and medium-sized enterprises (SMEs) in particular find it difficult to implement Zero Trust and how can they overcome these hurdles?
Many SMEs struggle with limited IT resources and complex, historically grown system landscapes. At first glance, Zero Trust seems like a major strategic effort – which leads to reluctance. However, getting started doesn’t have to be expensive or technically complicated. The key is to start with small, measurable steps – such as identity management and secure remote access. Choosing a platform that is easy to integrate can also remove a lot of complexity and facilitate future scaling in terms of performance and functions.
What role do AI and automation play in modern zero trust architectures?
AI and automation are now doubly relevant for zero trust – on the one hand as important helpers, and on the other as assets worth protecting. On a functional level, AI-supported systems enable continuous risk analysis in real time and make context-dependent access decisions – based on user behaviour or device profiles, for example. Automation also ensures integration between various zero trust solutions and other systems. At the same time, however, the need for protection is also growing: AI models themselves – e.g. for analytics or decision-making logic – are becoming strategic corporate assets. They must be protected against manipulation, theft and unauthorised access in the same way as sensitive customer data. Zero Trust is therefore not only thinking in terms of guidelines, but increasingly also in terms of protected areas for digital intelligence.
What mistakes do companies often make when implementing Zero Trust and how can they avoid them?
A common mistake is to view Zero Trust as a product rather than a holistic strategy. Many companies rush into new tools without first defining what goals they are actually pursuing. The involvement of employees is also often underestimated – success stands and falls with acceptance on a day-to-day basis. In addition, there is often a lack of clear responsibilities, which leads to friction between IT, security and compliance. Instead, those who start with a clear roadmap, think about processes and people and focus on integrated solutions have the best cards. Zero Trust thrives on clarity – not on complexity and the workarounds and exceptions that are so often implemented in security regulations.
How do you see the future of Zero Trust in the context of regulatory requirements and data protection?
Zero Trust is an excellent fit for modern data protection and compliance requirements because it is based on the principle of minimal access. Every decision is traceable, every access is verifiable – the supervisory authorities appreciate this too. Particularly in regulated industries such as finance or healthcare, Zero Trust will become mandatory in the next few years. The public sector will also have to take big steps in this direction. The architecture not only creates more security – it also provides significantly more transparency and control over data flows. Companies that invest today will not only secure a security advantage, but also a solid foundation for upcoming audits. In this respect, Zero Trust will become a strategic asset – far beyond IT.
