Skip to main content Skip to navigation

Centre for Interdisciplinary Methodologies

CIM News

Show all news items

Cybersecurity in a ‘Post-Trust’ Era: Zero Trust and Distributed Trust Models

Context of the Research:
This study is part of the “Scaling Trust: An Anthropology of Cybersecurity” project at the Centre for Interdisciplinary Methodologies, University of Warwick.
The project explores how trust is constructed, maintained, and transformed in cybersecurity, using interdisciplinary approaches from anthropology, sociology, and philosophy of science.


Objectives of the Study:
Pizio and Spencer aim to “question the nature of cybersecurity models” by comparing Zero Trust and Distributed Trust. A central goal was to examine the history and social conditions under which these models emerged. Drawing on philosophy of science and cybersecurity practice, the authors interrogate what security model is and how these frameworks reconceptualize trust, what shaped their development, and how they operate.


Methodology:
To explore this, the researchers conducted a detailed comparison of Zero Trust and Distributed Trust. They traced how each model originated and evolved, analyzing white papers, cybersecurity discussions, and policy documents tied to the emergence of Zero Trust (late 2000s) and Distributed Trust. Their analysis, informed by a critique of Social Construction of Technology theory, reveals how threats, infrastructure failures, and socio-economic shifts drove the adoption of “post-trust” models. This approach offers nuanced insight into the narratives shaping trust in cybersecurity.

Findings:
By juxtaposing the two models, the researchers found cybersecurity is undergoing a paradigm shift in how trust is understood.


* Trust has changed from a stable foundation to a volatile factor. Both models follow a “post-trust” logic that shapes technical systems and organizational practices. Trust is no longer static, but volatile, requiring constant management across technical and communicative areas.
* As a result, strategies aim to reduce implicit trust (as in Zero Trust’s “never trust, always verify”) or spread it across networks. These models emerged from real-world breakdowns, leading professionals to view trust as fluid and conditional.
* Security models also act as “communicative and organizational artifacts,” guiding interactions and shaping institutional behavior.


Implications:
The study shows that cybersecurity trust is not only technical, but social and organizational. A key insight is that managing trust as a social process is essential. Both models reflect the challenges of securing digital infrastructures and the interplay between technical measures and organizational dynamics.
Organizations must adopt socio-technical mechanisms—policy, culture, and communication—to maintain security. Embracing trust’s fragility, context, and changeability is critical for resilience.


Conclusion:
By examining Zero Trust and Distributed Trust, the research deepens understanding of how trust is conceived and applied in cybersecurity. An interdisciplinary approach offers essential insights for practitioners and policymakers in today’s evolving digital security landscape.

Mon 09 Jun 2025, 13:00