TRUST, It’s not a new Concept

Trust in IAM should never be reduced to a marketing buzzword or a sales gimmick, it is the foundation upon which any identity and access management system must be built. The concept of trust is not new, nor should it be treated as an innovative breakthrough. At its core, IAM has always been about ensuring that only the right individuals, or systems, gain access to critical resources. If I cannot trust who I am granting access to, my entire security model collapses. Yet, I continue to see vendors and analysts positioning “trust” as some revolutionary concept. If I were a CIO evaluating vendors, I would immediately question any company that is just now discovering the importance of trust. What were they prioritizing before? If trust wasn’t central to their IAM approach, what was? 

The Long-Standing Role of Trust in Security

This isn’t a novel idea. Decades ago, IBM ran an ad in Datamation, the leading IT magazine, emphasizing that trust and security are the cornerstones of computing. The premise was clear: security ensures protection, and trust ensures that only the right people or entities gain access. Mainframes, in many ways, pioneered what we now call Zero Trust, operating under the assumption that access must always be verified and never assumed safe. The reality is, trust has always been an essential component of secure computing, some vendors just seem to have forgotten that. 

The Consequences of Overlooking Trust

In my experience, I’ve encountered more than a few vendors that have treated trust as an afterthought. That’s a fatal mistake. Trust isn’t just about granting access; it must persist throughout the session, validating every request. If trust weakens at any point, whether due to unusual behavior, risk signals, or other indicators, access must be terminated immediately. This principle applies equally to human and non-human identities.