Zero trust has some of the best branding in cybersecurity – it’s comprehensive, absolute, and even my kids could understand it. How much trust? Zero.
Except that’s just not the case. Catchy as the name ‘zero trust’ is, the truth is that there’s much more to it: zero trust isn’t an architecture, it’s a mindset. It’s a goal that security teams can always strive to reach without ever necessarily achieving.
In fact, they shouldn’t achieve zero trust. It just isn’t practical: verifying every request would eventually wind up locking out customers or users. Good security shouldn’t impede business operations or legitimate user activity – it should protect what matters most.
What ‘zero trust’ branding achieves is naming the problem: trust. Too much trust – particularly too much default trust – is a recipe for disaster. Instead, security teams need to be thoughtful about when they’re provisioning trust, why, and what requests should require additional authentication.
Thinking through that escalation is the real benefit of zero trust – it’s a way to provide the least amount of trust necessary for your users to do their jobs or make a purchase.
Tomorrow, I’ll be talking about how organizations can use zero trust to secure what they need to and prepare for a work-from-anywhere-always world. Make sure to register for our free webinar to hear from cybersecurity experts Sam Curry (CSO at Cybereason) and Hector Monsegur (Corporate Pen-tester and Expert Security Researcher with rThreat) to hear why the small steps leading to zero trust can amount to a big difference in your security profile.