Cybervize - Cybersecurity Beratung

Zero Trust Ends Where Admin Rights Are Granted Out of Convenience

Alexander Busse · March 12, 2026

A team tells me: "We are Zero Trust." Two sentences later: "The service provider has admin access because it's faster that way." This is not an isolated case. It is symptomatic of a pattern IT decision-makers at mid-sized companies encounter repeatedly: Zero Trust has arrived as a concept — but not yet as an operational consequence.

What Zero Trust Really Means

Zero Trust is not a product or a tool. It is a security philosophy built on a simple principle: trust nothing automatically, whether inside or outside the corporate network. Instead of blanket trust, there is continuous verification. Every identity, every device, every request is checked — continuously and context-dependently.

In practice, this means: no user and no system receives access simply because they are already on the network. "Never trust, always verify" is the operative principle. Many organizations feature this concept in their presentation slides. The problem arises where reality begins: in day-to-day administration — in the permissions, access rights, and exceptions made "for the sake of convenience."

The Test That Decides Everything

Whether Zero Trust is truly practiced shows not in the security concept document but in the permissions. Four questions should be asked first in every security review to determine the actual maturity level:

First: Who can change configurations without a four-eyes principle? At many mid-sized companies, individuals — sometimes external service providers — have extensive admin rights without oversight mechanisms. This is not malice but historically grown convenience. And that is precisely where the risk lies: a compromised account with uncontrolled admin rights can alter entire system landscapes without detection.

Second: Who can delete logs or create blind spots? An attacker who can cover their tracks is doubly dangerous. Control over logging systems is therefore among the most critical permissions of all. Whoever can write logs but not delete them cannot cover their tracks. Whoever can do both is practically uncontrollable.

Third: Who can export data — and is it noticed? Data exfiltration is one of the most common attack vectors. Companies that do not know who is allowed to export data and whether that activity is logged have no real control over their most valuable asset.

Fourth: How does the Break-Glass procedure work? In emergency situations, administrators need elevated access — but it must be time-limited, traceable, and reviewed afterward. Permanent emergency access is not an emergency procedure but a permanent vulnerability that attackers can exploit.

EU Hosting Does Not Solve the Problem

A common misconception: EU hosting is sometimes equated with security. Data on European servers is more secure when the service provider is reputable and governance is sound. But a European server location does not protect against a poorly configured permissions system. Admin governance is decisive — not the geographic location. The crucial question is not where the data is stored but who can access it. Can you answer that in two minutes?

Implementing Admin Governance in Practice

For IT decision-makers at mid-sized companies, genuine Zero Trust operations at the admin level means four concrete measures:

Review permissions regularly following the least-privilege principle — who has what, since when, and why?

Equip external service providers with precisely defined, time-limited, and monitored access.

Document Break-Glass processes that fully log and time-limit temporary emergency access.

Understand logging as an active control instrument — not merely a compliance record.
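The four review questions and the four measures above can be turned into a repeatable permission audit. The following script is an added example and is not code from the post or from Cybervize; the grant records, their field names (principal, permissions, approvers, expires, export_logged, break_glass) and the principals in them are constructed for illustration, and a real review would load the same fields from an identity provider, PAM tool or cloud IAM export instead. Each function answers one of the questions from the post over the inventory, and `review` collects the findings.

```python
"""Audit a permission inventory against the admin-governance questions above.

Added example, not from the original post. All records below are
constructed sample data; the field names are an assumption about what an
exported grant inventory would contain.
"""
from datetime import date

# Constructed sample inventory: one record per principal and its grants.
GRANTS = [
    {"principal": "alice", "external": False,
     "permissions": {"config:write", "log:write"},
     "approvers": ["cto", "ciso"], "granted": date(2025, 1, 10),
     "expires": None, "reason": "platform team lead",
     "export_logged": True, "break_glass": False},
    {"principal": "msp-operator", "external": True,
     "permissions": {"config:write", "log:write", "log:delete", "data:export"},
     "approvers": ["it-manager"], "granted": date(2022, 6, 1),
     "expires": None, "reason": "faster that way",
     "export_logged": False, "break_glass": False},
    {"principal": "emergency-admin", "external": False,
     "permissions": {"config:write", "log:write", "log:delete"},
     "approvers": ["ciso", "cto"], "granted": date(2023, 3, 3),
     "expires": None, "reason": "break glass",
     "export_logged": True, "break_glass": True},
    {"principal": "bob-contractor", "external": True,
     "permissions": {"data:export"},
     "approvers": ["ciso", "dpo"], "granted": date(2026, 3, 1),
     "expires": date(2026, 3, 31), "reason": "migration project",
     "export_logged": True, "break_glass": False},
]


def holders(grants, permission):
    """The two-minute question: who currently holds a given permission?"""
    return sorted(g["principal"] for g in grants if permission in g["permissions"])


def config_changers_without_four_eyes(grants):
    """Question 1: config:write approved by fewer than two distinct people."""
    return sorted(g["principal"] for g in grants
                  if "config:write" in g["permissions"]
                  and len(set(g["approvers"])) < 2)


def log_deleters(grants):
    """Question 2: anyone who can delete logs can create blind spots."""
    return sorted(g["principal"] for g in grants
                  if "log:delete" in g["permissions"])


def unmonitored_exporters(grants):
    """Question 3: data:export that is not recorded in an audit log."""
    return sorted(g["principal"] for g in grants
                  if "data:export" in g["permissions"] and not g["export_logged"])


def standing_emergency_access(grants):
    """Question 4: break-glass grants without an expiry are permanent access."""
    return sorted(g["principal"] for g in grants
                  if g["break_glass"] and g["expires"] is None)


def external_without_expiry(grants):
    """Measure 2: external providers must have time-limited access."""
    return sorted(g["principal"] for g in grants
                  if g["external"] and g["expires"] is None)


def stale_grants(grants, today, max_age_days=365):
    """Measure 1: open-ended grants older than the review interval."""
    return sorted(g["principal"] for g in grants
                  if g["expires"] is None
                  and (today - g["granted"]).days > max_age_days)


def review(grants, today):
    """Run every check and return the findings keyed by question/measure."""
    return {
        "config_without_four_eyes": config_changers_without_four_eyes(grants),
        "can_delete_logs": log_deleters(grants),
        "unmonitored_export": unmonitored_exporters(grants),
        "standing_break_glass": standing_emergency_access(grants),
        "external_without_expiry": external_without_expiry(grants),
        "stale_unreviewed": stale_grants(grants, today),
    }


if __name__ == "__main__":
    for finding, principals in review(GRANTS, date(2026, 3, 12)).items():
        print(f"{finding}: {', '.join(principals) or 'none'}")
```

Run as-is, the script flags the constructed `msp-operator` record on four of the six checks: a single approver for configuration changes, the ability to delete logs, unlogged exports and an external account with no expiry. That is the "admin access because it's faster" situation from the opening paragraph expressed as data a review can act on. Empty lists in every category are the condition under which "We are Zero Trust" holds at the admin level.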

Zero Trust is not a technology question — it is a question of consistency. Those who say "We are Zero Trust" while simultaneously granting admin rights out of convenience have a blind spot — one clearly visible to attackers. Digital sovereignty does not begin with the right tool. It begins with the question: Who has admin access at our company — and exactly why?