Why Zero Trust Isn't Just Marketing
Speaking with an old friend, they told me - Zero Trust is the latest victim of "I've got a product for that."
That place where an idea gets wrapped up in sales, marketing, and press releases. Until the original idea loses its identity.
When we worked with on-premise IT, we bought bigger and better products. It was all about the tech. Building higher, thicker walls around our company crown jewels.
Tech has changed. The server under a desk has become a Salesforce service. The spreadsheet on a USB - a Google doc.
What hasn't changed are people, data, and processes.
How you stitch together services and control what you're responsible for. That's the new way. That's Zero Trust. An architecture. An approach.
Not a silver bullet. Not a new product.
More on Zero Trust architectures from the NCSC.
“Skate to where the puck is going to be.”
Wayne Gretzky comes up every time I speak with one particular Canadian. Equal parts innovator and hockey fan.
Innovators search for leading indicators. What’s next? What happens if…?
Cybersecurity does the opposite. What happened? How do we recover?
- Antivirus: what harmful software has been installed on my device?
- Logging: what bad things happened?
- Backup: can I go back to a known good state?
One is optimistic. One is hopeless.
After-the-fact is important for confirmation but is no place for an innovator to live.
Live in leading indicators. Reinforce with lagging indicators.
This is the new cybersecurity way.