For the last thirty years the prevailing approach to securing IT has been to fortify the network from the outside world: “build a tall, strong, wall with well-guarded gates.” From many perspectives this has been a good choice; InfoSec teams focus their efforts and budget on ingress-egress points without having to manage the complexity and churn of an organization’s internal affairs.
Unfortunately, it also means that any breach of the perimeter often leads to catastrophic failure.
In practice, organizations do watch the inside of their networks for threat actors, both insider and external, who might mean them harm. But even this approach still largely trusts the IT network.
With zero trust architecture, all services on the network are mutually distrustful of each other and require authentication and authorization amongst themselves. This approach is a large leap forward from the perspective of operations and InfoSec teams. With the zero trust model, a single breach of an IT system is not game over event… unless it is.
What happens from the perspective of a user if the system breached holds the information they need protected? What happens if the system breached is the one upon which a user depended, or worse yet a key system like the directory service or network filesystem server? The problem is not the idea behind Zero Trust Networks, but that Zero Trust Networks don’t go far enough.
What if IT systems are not trusted at all? This has become popular in the consumer market with end to end cryptography (e2e), protecting messages and files from the sender’s device all the way to the recipient’s device. In e2e systems, even if service operators wish to eavesdrop on customers’ communications they can’t. This is the end game for Zero Trust, where IT systems and their operators are part of the threat model. An administrator of the communications system will not see the contents of the encrypted chats and shared files, not because the operator is following the rules/policies/compensating controls, but because there are technical measures that protect data from all but the intended parties.
Even today, the tools are ready for Zero Trust Infrastructure to be deployed to protect data in an enterprise environment without trusting anyone but the owners of the data. Secure file sharing and secure collaboration based in Zero Trust principals is available now, and we are only making them more feature-rich yet totally secure.
By Jonathan Moore, CTO at SpiderOak H.L. Menken wrote in 1920 that: “…there is always a well-known solution to every human problem—neat, plausible, and wrong.” So it is today with our failings in cyber security, which pervade every level of business and government. Far from fielding effective technologies and policies that bend the risk curve […]
Cryptography, the art and science of encrypting sensitive information, is becoming increasingly commonplace in our day to day lives. From iPhones to bank accounts, and SpiderOak’s own encrypted messaging and file sharing software, most of us already interact with cryptography daily, and increasing numbers of people are recognising the value of VPNs when it comes […]
SpiderOak’s vision is to secure the world’s data. Our goal is to reduce the complexity of the security surface to the point where it can be reasoned about, so that assumptions are few, and those that remain are well understood. This means reducing both lines of code and the number of people who must be […]