Zero trust in the cloud: Drift happens

Zero Trust is not ‘set and forget’.

Part 4 of a series

Fixing an error in production can cost up to 5–10x more than catching it in the pipeline.

Boards are asking why security isn’t built in from the start.

Abstract

Unchecked drift erodes compliance, creates blind spots and inflates remediation costs. Updates, patches and human fixes are inevitable, but resilience depends on detecting and correcting drift in real time.

Boards and regulators now expect Zero Trust to be a sustained discipline, not a launch milestone.

The Business Challenge

The risks of drift show up in four ways:

Fragility

Configs change silently over time, leaving blind spots that attackers exploit. This weakens resilience and slows incident response.

Exposure

Small tweaks cascade into breaches, insider misuse, or data loss. A single drifted control can unravel Zero Trust.

Compliance risk

Drift erodes CPS 234, Essential Eight and NIST 800-207 alignment. Findings post-deployment invite penalties, capital charges or tighter licence conditions.

High cost

Detecting drift late means emergency hotfixes, outages and wasted resources. Industry studies show remediation after deployment can cost 5–10x more.

Boardrooms are now framing it differently:

If posture drifts once systems are live, how can resilience be sustained?

The Opportunity Landscape

  • Reduced risk exposure: Continuous scans catch drift before it grows.
  • Improved agility: Automation sustains Zero Trust while enabling fast delivery.
  • Regulatory and customer trust: Proves proactive control to boards and auditors.
  • Efficiency and cost savings: Early fixes cut remediation spend and free scarce talent.
  • Continuity: Protects assets and supply chains, preserving business operations.

What the data shows

  • Wiz Kubernetes Security Report 2025: Newly staged clusters were probed by attackers within 18–28 minutes, showing how quickly drift or weak configs are exploited.
  • Wiz Code Security Report 2025: Insecure defaults in CI/CD (e.g. GitHub Actions, Apps) often remain unchanged. 98% of GitHub Apps request powerful permissions; 77% request write access.
  • Wiz Research 2024–25: Large-scale repo analysis showed misconfigurations and drift persist because governance lags agile delivery.
  • Industry studies: Continuous scanning reduces remediation costs by multiples (5–10x) compared to post-deployment fixes.

Leadership Imperatives

Executives looking to lead should:

    1. Mandate continuous scanning – treat drift detection as a Zero Trust control.
    2. Automate at scale – reduce manual checks and alert fatigue.
    3. Link drift metrics to governance – report posture stability to boards alongside financial and ESG indicators.
    4. Tie scanning to compliance anchors – map evidence directly to CPS 234, Essential Eight, and audit packs.

Future Outlook

The data shows regulators are moving from ‘point-in-time’ assurance to continuous oversight:

  • The EU’s Digital Operational Resilience Act (DORA), effective January 2025, mandates real-time ICT risk visibility.
  • In Australia, APRA’s CPS 234 already requires ongoing assurance across critical systems.
  • KPMG’s 2025 Regulatory Barometer highlights operational resilience as a top-three priority for boards worldwide.

What this means: continuous drift detection will soon be a baseline expectation. Those that act now will strengthen trust and cut costs; those that wait will face scrutiny, higher spend, and credibility gaps.

Conclusion

Drift is inevitable, but unmanaged drift erodes Zero Trust. Continuous scanning sustains resilience after go-live, delivering cost efficiency, regulatory assurance and sustained trust.

Talk to Frame to explore how real-time scanning can sustain Zero Trust in your environment.
