For the last thirty years the prevailing approach to securing IT has been to fortify the network from the outside world: “build a tall, strong, wall with well-guarded gates.” From many perspectives this has been a good choice; InfoSec teams focus their efforts and budget on ingress-egress points without having to manage the complexity and churn of an organization’s internal affairs.
Unfortunately, it also means that any breach of the perimeter often leads to catastrophic failure.
In practice, organizations do watch the inside of their networks for threat actors, both insider and external, who might mean them harm. But even this approach still largely trusts the IT network.
With zero trust architecture, all services on the network are mutually distrustful of each other and require authentication and authorization amongst themselves. This approach is a large leap forward from the perspective of operations and InfoSec teams. With the zero trust model, a single breach of an IT system is not game over event… unless it is.
What happens from the perspective of a user if the system breached holds the information they need protected? What happens if the system breached is the one upon which a user depended, or worse yet a key system like the directory service or network filesystem server? The problem is not the idea behind Zero Trust Networks, but that Zero Trust Networks don’t go far enough.
What if IT systems are not trusted at all? This has become popular in the consumer market with end to end cryptography (e2e), protecting messages and files from the sender’s device all the way to the recipient’s device. In e2e systems, even if service operators wish to eavesdrop on customers’ communications they can’t. This is the end game for Zero Trust, where IT systems and their operators are part of the threat model. An administrator of the communications system will not see the contents of the encrypted chats and shared files, not because the operator is following the rules/policies/compensating controls, but because there are technical measures that protect data from all but the intended parties.
Even today, the tools are ready for Zero Trust Infrastructure to be deployed to protect data in an enterprise environment without trusting anyone but the owners of the data. Secure file sharing and secure collaboration based in Zero Trust principals is available now, and we are only making them more feature-rich yet totally secure.
In this episode we talk with Alex Flaxman, a medical doctor with software development experience. He has unique insights around privacy and security to share.
Today we chat with Shannon Morse. She is a content creator and influencer with a focus on infosec and privacy. We talk about her recommendations, how to factor physical security into your threat model, and lots more.
Today we chat with Zach Otte about the intersection of design, security, and privacy. Balancing these is an important part of the work he does at SpiderOak and he’s got some great insights to share.