The enterprise perimeter has exhibited gradual trust degradation owing to a succession of connectivity decisions involving Web, email, virtual private networking, exceptions, and mobile networks as well as a succession of threats including malware and advanced persistent threats (APTs). The author proposes restoring trust to the enterprise by focusing protection strategies on a set of prioritized assets. The protections center on three zones: a client zone, a network zone with network-based carrier protection services, and a cloud zone with third-party attested security heavily indexed toward identity and access management services. The resultant enterprise network is more resilient to leakage attacks such as APTs.