![]() This mostly has to do with the fact that the term Zero Trust tends to be misused or misinterpreted to fulfill the agenda of vendors looking to make their solutions more attractive and compelling. ![]() Zero Trust: A Strategy, Not A ToolĮven though Zero Trust recently celebrated its 10th anniversary, why don’t people and organizations fully understand what Zero Trust means and how it should be implemented? ![]() On the other hand, if adopted correctly, Zero Trust thwarts this advantage, by removing the concept of trust from the decision making related to accessing information and interacting with digital assets. What do these questions have in common? They all rely on the assumption that an implicitly trusted component can give an attacker a clear offensive advantage.Īttackers do indeed gain an advantage when they are able to take control of a machine that is implicitly trusted and therefore access other systems without any further security checks. What can I access by using this combination of trusted username and password?.How many systems can be reached from this trusted device?.Here are some of the most basic questions any attacker will go through while planning the compromise of an IT system: This is what we call “Implicit Trust.” Implicit Trust and the Attacker This perception of trust comes from the implicit belief that these components have somehow earned the right to be used without restriction, most likely because of their present location or the fact they have proven their identity at least once, successfully. In cybersecurity, for example, you’ll often see mentions of trusted networks, channels, interfaces, devices, certificates, credentials and many other elements of the IT infrastructure that have been personified, in order to achieve simplification. Trouble starts to appear when access from these users’ devices is loosely granted to data, applications and IT systems. We use technology to mediate between where workers are and where the information they need to access is stored. But, there’s a second element of trust involved in remote work. What is “trust” if not an emotional brain state that is reached when there is belief that someone will behave in certain ways? Employers can and should trust employees. But, trusting remote workers is very different from implicitly trusting the technology they use. ![]() That missing trust in employees seems to suddenly be adopted and effectively so. As part of dealing with the challenges of the past 18 months, people adapted to completely different ways of living, learning and working. Until recently, working remotely in the comfort of home was perceived as a rare permission or privilege. That is, employers wondered if they could trust employees to do the right thing when they weren’t in the office, delivering the same level of performance or productivity when faced with the distractions of home. Trust was historically the barrier to widespread implementation of remote work.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |