United News

Hold the High Ground: Cyber Terrain and Strategic Advantage



Illumio is a Business Reporter client

Wars are rarely won by sheer firepower. They’re won by those who control the terrain. John Kindervag explains why defending your Protect Surface isn’t a luxury. It’s survival.

On July 2, 1863, the Union Army was battered, outnumbered, and on the brink of collapse. Two days into the Battle of Gettysburg — the bloodiest fight of the American Civil War — Confederate forces had pushed deep into Pennsylvania and were threatening to break the Union line. In a last-ditch move, the Union left flank fell back to a rocky outcrop called Little Round Top.

Whoever held that hill would control the high ground — and with it, the outcome of the battle.

As the originator of Zero Trust security, I’ve spent years showing organizations that cyber defense is less about piling up controls and more about owning the decisive ground. Little Round Top is the perfect metaphor: you don’t guard every inch of Pennsylvania. You take the hill that breaks the enemy’s plan. In military doctrine, Little Round Top was the High Ground, the terrain that you take and hold to give you an advantage over your enemy and provide you the best opportunity to win the battle.

In cyber terms, that hill is what we call the “Protect Surface”: the data, applications, assets, and services that truly determine whether you win or lose. It’s the thing that you need to build, take hold of, and not give up to the enemy.

We know how the Battle of Gettysburg played out. Colonel Joshua Chamberlain and the 20th Maine scrambled up Little Round Top and threw together a defense. When they ran out of ammunition, they fixed their bayonets and charged downhill. The surprise attack shattered the Confederate advance and held the line. Holding the high ground won the day for the Union Army and turned the tide of the Civil War.

As someone who’s spent years helping organizations adopt Zero Trust, I see echoes of this battle every day — not in Gettysburg, but in the digital battlefield. Because cybersecurity is about knowing your environment, using it to your advantage, and forcing the adversary to fight on your terms.

Zero Trust is often misunderstood as a technology or a single product. It’s not. It’s a holistic security model built on five key steps: defining what you’re trying to protect, mapping transaction flows, architecting a Zero Trust network, creating policy, and continuously monitoring and maintaining it.

Understanding the terrain — visualizing how data moves and where it’s most at risk — is essential to every one of these steps. Without that visibility, you can’t define what you’re protecting, enforce effective controls, or measure progress. The battle for resilience is won not just with strong defenses, but with smart ones.

Terrain still wins wars

At a recent LinkedIn Live event, I had the opportunity to speak with Navy SEAL-turned-entrepreneur Clint Bruce and retired Major General Viet Luong, the first Vietnam-born soldier to be promoted to the rank of general in the U.S. Army.

Clint Bruce introduced a powerful distinction that applies as much to cybersecurity as it does to the battlefield: the difference between influence terrain and impact terrain.

Influence terrain is everything you worry about but can’t control: the weather, distant hills, the size of the enemy’s reinforcements. In the cyber world, it’s your external threat landscape: nation-state actors, zero-day vulnerabilities, economic conditions, geopolitical unrest. These are real threats, but you can’t shape them directly.

Impact terrain is the ground you can act on. It’s the bridges, roads, and high ground you can seize, defend, or deny to the enemy. In cybersecurity terms, it’s your internal environment: your networks, your workloads, your data. This is the terrain where your decisions matter, where you can enforce policy, contain lateral movement, and make it harder for an attacker to maneuver.

Zero Trust doesn’t waste time chasing influence terrain. It focuses squarely on impact terrain where you can actually make a difference. And it’s where the fight is won or lost.

Our job isn’t to defend every square inch of the network. It’s to control the terrain that matters most. In cybersecurity, that hill is your Protect Surface: the small, well-defined set of assets that matter most. It could be your payment systems, your patient records, your proprietary algorithms — whatever would cause operational, financial, or reputational damage if compromised.

Why maps work: from Union defenses to cybersecurity

A map forces clarity. It reveals blind spots. It shows where the gaps are — and where the enemy will go. In cybersecurity, the modern equivalent of a field map is the security graph. It’s a real-time visualization of how workloads communicate, where users go, and which services are exposed. It’s not just a list of IPs. It’s your operational reality rendered intelligible.

When I built the five-step Zero Trust methodology, Step 1 was clear: define your Protect Surface.

Step 2 is to map the transaction flows. It’s the cyber equivalent of drawing a relief map. Until you see who’s talking to what, when, and why, you have no business building policy.

Clint Bruce put it well: “The best weapon is a map. Because when you have a map, the worst you’ll ever be is wrong — not lost.” Wrong can be fixed. Lost is fatal.

Defending the Protect Surface

Major General Luong reminded us that terrain isn’t just physical — it’s human, moral, informational, and, in today’s world, digital. In every mission, he said, you identify your decisive terrain — the hill you’re willing to die on because it determines who wins.

To do that, you need to know exactly what your Protect Surface is, where it lives, how it’s accessed, and who depends on it. Then you chart it, segment it, and control it. Because in Zero Trust, the Protect Surface isn’t just what you’re defending — it’s the ground you must never lose.

Zero Trust doesn’t succeed just because it stops breaches. It succeeds because it also contains them. That containment is possible only when you master your terrain.

It’s like Chamberlain seeing that Little Round Top was undefended. You don’t win by being everywhere. You win by seeing better and moving smarter. You win by holding the high ground.

