What Is Zero Trust? It Depends What You Want to Hear

Confusion about the real meaning and purpose of zero trust makes it difficult for people to implement ideas in practice. Proponents of her case have been working to make the actual transcript of this statement available online. Proponents of her case have been working to make the actual transcript of this statement available online.

“What the security industry has been doing for the last 20 years is adding more bells and whistles like AI and machine learning,” says Paul Walsh, founder and CEO of Zero Trust-based anti-phishing firm. MetaCert. “If it’s not zero confidence it’s just conventional security, no matter what you add.”

Cloud providers in particular, however, are in a position to integrate zero trust concepts into their platforms, helping customers adopt them into their own organizations. But Phil Venables, Google’s chief information security officer at the cloud, notes that he and his team spend a lot of time talking to customers about what zero trust really is and how they can apply their own Google Cloud usage and beyond.

“There’s a lot of confusion.” He says. “Customers say, ‘I felt like I knew what zero trust is and now that everyone describes everything as zero trust I understand it less.’

Apart from agreeing on what this phrase means, the biggest obstacle to the spread of zero trust is that most of the infrastructure currently in use was designed under the old pit and castle networking model. There is no easy way to recover such systems for zero trust because the two approaches are fundamentally different. As a result, the implementation of the ideas behind zero trust everywhere in the organization potentially involves significant investment and inconvenience in the rearch installation of inheritance systems. And those are certain types of projects that risk never being completed.

It implements zero confidence in the federal government – which uses the hodgepodge of vendors and legacy systems that will take a particularly daunting, time-consuming and large investment of money, despite the Biden administration’s plans. Janet Manfra, a former assistant director for cybersecurity at CISA who joined Google in late 2019, saw the difference between government IT and the tech giant’s own zero-trust-centric internal structure.

“I was coming from an environment where we were investing a tremendous amount of taxpayer dollars to secure very sensitive personal data, mission data, and especially to see the friction you experience in more security-oriented agencies.” . “It simply came to our notice then And The good experience as a user was just mind blowing for me. “

Which does not mean that zero faith is the cure for security. Security professionals who are paid to hack organizations and discover their digital vulnerabilities – known as “red teams” – have begun studying what it takes to get into a zero trust network. And for the most part, it’s still easy enough to target parts of the victim’s network that haven’t yet been upgraded to zero trust concepts.

“A company is moving its infrastructure off-premises and putting it in the cloud with a zero trust vendor will block some conventional attack routes,” says longtime Red Timmer Cedric Owens. “But in all honesty I’ve never worked in a completely zero confidence environment or worked in a red team.” Owens also emphasizes that while zero trust concepts can be used to physically strengthen an organization’s defenses, they are not bulletproof. He pointed to cloud misconfigurations that companies could inadvertently introduce when they transition to a zero trust approach.

Manfra says it will take time to fully understand the benefits of a zero-trust approach to the relationship that many organizations have had for decades. She adds, however, that the abstract nature of zero trust has its advantages. Designing with concepts and principles rather than specific products brings relief and potential longevity, which specific software tools do not.

“Philosophically it seems sustainable to me,” he says. “The desire to know what and who touches what and who in your system is always something that will be useful for understanding and defense.”


More great wired stories

Leave a Reply

Your email address will not be published. Required fields are marked *