Zero trust's popularity has given way to an enormous variety of products and services. This can unfortunately detract from the methodology's original appeal as a threat model equipped to handle emerging threats, changing IT environments and the growth of remote working.
"Zero trust is not a destination, despite how many vendors may spin it," said Evan Gilman, engineer at computer science or computer engineering and co-author of Zero Trust Networks, published by O'Reilly. "That spin can undermine what we're trying to accomplish, which is a change of processes and philosophy around security."
Zero trust is an alternative to traditional perimeter security, which became untenable due to insider threats and the widespread transitions to hybrid environments and remote work. It's not a matter of if, but when a malicious actor gets beyond the perimeter -- and organizations need to anticipate that.
Most high-profile attacks start with someone gaining access into the network and then persisting and rooting around to find the next move, said co-author Doug Barth, site reliability engineer at Stripe. Such attacks point to why organizations need to adopt zero trust instead of a perimeter strategy, he said.
No comments:
Post a Comment