It’s surprising what marketing has been able to do with such an off-putting term. In almost any context outside of security, zero trust has few, if any, positive connotations. “There is zero, I repeat, zero trust between us” is not really something most people want to hear. It’s abrasive, even aggressive.
When we start talking about zero trust in a workplace context, employees feel targeted, like they’re under observation. Privacy advocates surface as if by magic. Since trust is an integral part of the workplace ecosystem (a botanical term hijacked by corporate speak, by the way), the confusion is understandable.
Why All the Hype with Zero Trust?
Most people, including IT leaders, see trust as important. We like to broadcast where we place that trust – even to the point that American founding fathers declared it on their currency: “In God we trust.” We trust our spouses, partners, family and close friends. It’s a part of being human that anyone who’s ever tried to persuade money out of your pocket knows well. So small wonder marketers are bending over backwards to spin out enough hype to capture non-technical audiences with a term like zero trust.
The Latest in a Long Line of Industry-Speak Casualties
All industries have terms and jargon unique to a specific area of expertise. These are often hijacked by big picture thinkers fresh from the weekend management seminar – think Michael Scott (or David Brent). They talk about bandwidth, pinging contacts, working in silos, crossed lines (telephone wires?), open doors and running it up the flagpole. Then there’s the person who promises to circle back, even when their path is linear and in the opposite direction.
So, What Is Zero Trust?
Zero trust is a security term. It’s an approach to protecting digital assets from attack; it’s not about becoming jaded with literally everyone, but about zero assumptions of automatic trust based on factors like location (inside or outside of the network perimeter), user or device. Zero implicit trust didn’t have the same ring, not to mention an unfortunate acronym. So zero trust was born. It’s a strategy, a mindset, a belief system – however you wish to classify it, as long as you understand that it’s an evolving strategy to combat evolving threats.
Why the Need for a New Approach?
The shifts to the cloud, remote work, bring your own device (BYOD) policies and the internet of things (IoT) mean it’s no longer effective to simply secure a network perimeter and assume that any activity within is trusted. The zero trust mantra of “never trust, always verify” has clear appeal to IT security professionals. Zero trust can reduce organizational risk from hacking, human error and shadow IT, to name a few.
Since 100% security is a known fallacy, IT teams that implement zero trust correctly can keep existing security solutions, like ones that enforce least-privilege access and role-based access controls, but supplement these “traditional” solutions with a focus on automated solutions that recognize deviations from normal activity, even when users, devices, networks and workloads (in terms of data traffic) are properly verified.