Is network access zero trust's biggest blind spot?


Alex Zaharov-Reutt, Global AI and Technology Editor | Published 18 June 2026

At Zscaler's Zenith Live '26 in Vienna, a team of ex-Zscaler people now running Cloudi-Fi argued that the printers, cameras, guests and contractors on your network are the slice of zero trust their stacks were never built to secure. Then they put a Baker & Baker IT chief on stage to prove it.

VIENNA. Day one of Zenith Live '26 and the room is a wall of blue lanyards. Those lanyards mark out Zscaler customers, and Cloudi-Fi's head of sales engineering for India and APAC, Simranjeet Singh Kahlon, counts them before he says a word. Kahlon's day job is the technical side of the sale, scoping deployments, architecting the Zscaler integration and proving it out for customers across the region.

He opens with 2 questions. The first is a gimme: hands up if you run zero trust in front of your applications today. Nearly every hand in the room goes up. ("Zscaler, Zenith Live. I expect no less," he grins.)

Then the question that lands differently. "Raise your hands if you know the identity of every device that connects to your network: every IoT, every guest, every contractor, every printer, every camera." The hands come down.

"That's precisely the gap we are going to talk about today," Kahlon told the room.

For an iTWire audience that has spent the better part of a decade rolling out Zscaler Internet Access, conditional access and posture checks, it's an uncomfortable thing to sit with. We secured the front door beautifully. We left a side gate wide open.

My video recording of Cloudi-Fi's session at Zenith Live '26 is below, please watch and read on!

What ZTNA was actually built to do

Kahlon is careful not to trash the thing his entire audience just bought. "I'm not here to say or tell you that ZTNA is broken. It really works," he said. His point is narrower, and sharper.

His framing: zero trust network access was built to control how a user reaches an application. The question of how a device reaches the network in the first place was somebody else's job, and it mostly went unanswered.

This image and all below are supplied by Cloudi-Fi.

Think about what that leaves out. Badge readers. Sensors. Guest laptops. Contractor machines. Printers. Cameras. Point-of-sale terminals. None of them sit in Okta or Microsoft Entra ID. None of them carry a corporate footprint. So enterprises end up running 2 worlds on one network: a tidy ZTNA stack up top, and underneath it a messy patchwork held together with VLAN segmentation, port-based authentication and the security blanket that refuses to die, MAC-based whitelisting.

Kahlon reduced it to algebra. Every policy engine, Zscaler included, needs identity to function: if user is X, device is Y, and context is Z, then grant access. "But then look at the devices: BYOD, IoT, guests, contractors. There is no X, there is no Y, and certainly Z is completely empty," he said. With nothing to evaluate, the policy engine does nothing, and the network quietly falls back to controls that were old in 2005.

Above and below the waterline

The slide that did the heavy lifting was an iceberg. Above the waterline sit employees and corporate devices, the things ZTNA can see. Below it sits everything else.

Kahlon asked the room to guess their own ratio. Fifty-fifty? Sixty-forty? A delegate called out "thirty-seventy." That tracks, he said, especially in retail, hospitality and hospitals, where most of the network lives below the surface and zero trust never reaches it.

He's adamant the cause is structural, a design assumption baked into the identity stack. Okta, Ping and Entra ID were all built on the premise that an identity belongs to a human who logs in. "But cameras do not log in, printers do not log in, point-of-sale terminals do not log in," he said. "By definition, a guest waiting for you in your lobby is someone you don't know."

That gap creates 3 headaches, in his telling: fragmented identity (and you can't secure what you can't identify), no posture or context, and the compliance pressure that arrives when auditors start asking about the devices they can't name. The whole iceberg, he said, is your attack surface. ZTNA only sees the tip.

The ex-Zscaler shop that built Cloudi-Fi

Cloudi-Fi's back story is more interesting than the average vendor booth, and the stage presentation skipped it.

Cloudi-Fi's co-founder and CEO is Damien Chastrette; its co-founder and CTO is William Miroux. They built the business in 2015, though its own origin story is coy, describing the pair as "still working at a leading cybersecurity company" when global customers kept asking them for one thing: secure, easy internet access for every user...
