Getting to Ground Zero (Trust)

Zero Trust (ZT) focuses on the idea that one should always assume the environment has been compromised. The guiding principle of Zero Trust is to handle all resources, without trust, on both granular and global levels. In doing so, one is required to embrace a total buy-in of risk-based decisions in-lieu of assuming any resource is trustworthy despite following best practices or historically accepted security guidance. The traditional workflow of deploy, monitor, assess, wash-rinse-repeat has morphed into the next generation best practice of trust nothing and assume everything is potentially malicious. When digesting this ZT perspective, one could easily look at an environment and see an unending expanse of circular dependencies, of which none can be trusted. With the depth and breadth of different Zero Trust guidance, establishing a baseline for a ZT program becomes non-trivial.

Read More