Zero trust rollout stalled because the business case keeps changing depending on who is in the room
18 months into a ZTNA deployment and we are about 40% deployed. The technical side has gone reasonably well, the stall is political.
Every time we go to expand scope to a new business unit, the risk conversation restarts from scratch.
Security frames it as a compliance and breach prevention initiative. Network team frames it as a VPN replacement. Finance wants to understand the ROI relative to what we are spending on the current stack. The business units just want to know if it will break anything.
No one is wrong.
But the initiative loses momentum every time the audience changes because the business case was not built in a way that translates across all four frames simultaneously.
For IT leaders who have run a multi-phase zero trust network access rollout, did you find a single framing that held across all stakeholders, or did you maintain separate narratives per audience? And if you went the separate narratives route, was that sustainable at scale?