Discover how replacing perimeter defenses with a canal-based Zero Trust model gives you granular control over every access request while strengthening security through continuous verification and microperimeters.

For decades, cybersecurity has relied on a mental model rooted in medieval defense: the castle and moat. Build high walls, guard the gates, and trust everything inside. It worked well enough when organizations had clearly defined perimeters, centralized infrastructure, and employees working on-site.
But today, those assumptions no longer hold. The perimeter is gone. Cloud services, remote work, APIs, third-party integrations, and machine identities have dissolved the walls—and the moat isn’t keeping anything out. In this new reality, Zero Trust has emerged not as a toolset, but as a strategic model for how access should be granted and governed.
To truly understand and implement Zero Trust, we need to move beyond the castle-and-moat analogy. A better metaphor for today’s dynamic environment is the canal.
In a Zero Trust world, access is no longer binary, nor is it granted based solely on location or implicit status. It’s earned, calculated, and continuously re-evaluated. A canal is a fitting analogy for how access should work: a controlled journey, like a ship navigating a canal system. The S.S. Access (an individual access request) must pass through a series of locks that verify trust conditions before reaching its destination: the protect surface (the resource).
A canal is a powerful metaphor for Zero Trust because:
Just like a canal, Zero Trust is about deliberate, policy-driven movement, where each access request is guided through a series of checkpoints, each enforcing its own set of rules.
Access requests must pass through a sequence of five primary locks. Each one is independently enforced and may contain multiple locking bolts, which are specific policy controls enforced through microperimeters.

Each lock can adapt in real time, triggering additional requirements such as multi-factor authentication (MFA), session isolation, reduced access scope, or full access revocation based on risk signals, user behavior, or policy changes.
| Aspect | Castle & Moat | Canal & Locks |
|---|---|---|
| Philosophy | Keep threats out | Continuously verify trust at each stage |
| Architecture | Static perimeter | Dynamic, layered trust microperimeters |
| Trust Assumptions | Everything inside the castle is trusted | Trust nothing by default |
| Blast Radius | Broad lateral movement if breached | Contained through segmented microperimeters |
| Enforcement Location | Perimeter firewall | Inline, context-aware microperimeters |
| Decision Drivers | Static rules and VPN access | Real-time context from identity, network, device, app, and data pillars |
While the canal metaphor helps conceptualize the flow of access, microperimeters operationalize the locks. They are the enforcement boundaries that wrap around every sensitive asset or interaction.
Instead of relying on a single, monolithic perimeter, Zero Trust distributes enforcement to the edges of every access point. Whether it’s a device accessing a cloud resource, a microservice talking to another, or a user initiating an API call—each of these moments is surrounded by its own microperimeter, where context is evaluated and policy is applied.
These microperimeters allow for granular control and dynamic response. They enable organizations to move beyond static segmentation and build transaction-level access governance without relying on a rigid infrastructure model. In Zero Trust, trust is ephemeral, access is conditional, and enforcement is everywhere.
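The locks and bolts described above can be sketched as a small policy evaluator. This is an added example, not code from the original article: the lock names are an assumption taken from the five pillars in the comparison table, and the bolt names, thresholds, context attributes, and severity ordering of outcomes are all hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable

class Action(IntEnum):  # assumed severity order; the strictest outcome wins
    ALLOW = 0
    STEP_UP_MFA = 1
    REDUCE_SCOPE = 2
    ISOLATE_SESSION = 3
    DENY = 4

@dataclass(frozen=True)
class Bolt:  # one policy control ("locking bolt") inside a lock
    name: str
    check: Callable[[dict], bool]  # True when the trust condition holds
    on_fail: Action

# Lock names are an assumption taken from the five pillars in the table above;
# every threshold and attribute name below is hypothetical.
LOCKS = {
    "identity": [Bolt("authenticated", lambda c: c.get("authenticated") is True, Action.DENY),
                 Bolt("recent_mfa", lambda c: c.get("mfa_age_min", 1e9) <= 60, Action.STEP_UP_MFA)],
    "network": [Bolt("known_network", lambda c: c.get("network") in {"corp", "vpn"}, Action.ISOLATE_SESSION)],
    "device": [Bolt("managed", lambda c: c.get("device_managed") is True, Action.REDUCE_SCOPE),
               Bolt("patched", lambda c: c.get("patch_age_days", 1e9) <= 30, Action.DENY)],
    "app": [Bolt("entitled", lambda c: c.get("app") in c.get("entitled_apps", ()), Action.DENY)],
    "data": [Bolt("label_allowed", lambda c: c.get("data_label") != "restricted"
                  or c.get("role") == "owner", Action.REDUCE_SCOPE)],
}

def evaluate(ctx):
    """Pass one access request through every lock; return (decision, audit trail)."""
    decision, trail = Action.ALLOW, []
    for lock, bolts in LOCKS.items():
        for bolt in bolts:
            try:
                ok = bool(bolt.check(ctx))
            except Exception:
                ok = False  # a missing or malformed signal fails closed
            if not ok:
                trail.append((lock, bolt.name, bolt.on_fail.name))
                decision = max(decision, bolt.on_fail)
        if decision == Action.DENY:
            break  # the request never reaches the next lock
    return decision, trail

# Constructed sample context for a healthy session.
GOOD = {"authenticated": True, "mfa_age_min": 5, "network": "corp", "device_managed": True,
        "patch_age_days": 3, "app": "payroll", "entitled_apps": ("payroll",),
        "data_label": "internal", "role": "analyst"}
```

Calling `evaluate` again whenever a signal changes (for example, with `{**GOOD, "mfa_age_min": 120}`) models continuous re-evaluation: the same session that was allowed a moment ago now returns `STEP_UP_MFA`, and the trail records which lock and bolt caused it.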
The era of fixed perimeters is over. Today, every identity is potentially external. Every access decision is a potential breach point. And every application, API, and dataset is a potential target.
Zero Trust is not about blocking access. It’s about granting access intentionally and continuously.
Build a system of canals, not walls. Raise locks, not gates. Let the S.S. Access travel securely—always evaluated, never assumed, never trusted.
To learn more about Zero Trust, check out our guidebook. For details on our capabilities / offerings, contact us.
