Caute_cautim
Community Champion

Zero Trust is coming - are you prepared?

Hi All

 

An interesting piece by an Australian technology journalist. He has the right idea, but it is full of myths and half-truths as usual.

 

https://ia.acs.org.au/content/ia/article/2021/zero-clue-about-zero-trust--.html?ref=newsletter

 

Regards

 

Caute_Cautim

 

 

21 Replies
mgorman
Contributor II

I think you are being generous, I couldn't find enough information in the article to identify myths or half truths.  Everyone is jumping on the bandwagon, and the Zero Trust noise level is so high, it is hard for people who know the technology, the risks, etc. to make sense of the landscape, much less those at the edge.  

AppDefects
Community Champion

(ISC)2 members have access to a Zero Trust express learning (approximately 2 hours in length). Check it out here: "Preparing for a Zero Trust Initiative".

Masahiro
Newcomer III

I would like to say "don't be satisfied with implementing ZTA and completely throw VPN, active directory and something vulnerable away".

 

Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile
Caute_cautim
Community Champion

@Masahiro Great thoughts. I would also like to put forward an IBM business point of view on the subject, with statistics: https://www.ibm.com/thought-leadership/institute-business-value/report/zero-trust-security

 

Download the article and give it a read for yourselves.

 

Regards

 

Caute_cautim

 

 

Caute_cautim
Community Champion

@AppDefects Thanks, I will test it out and provide comments as a result.

 

Regards

 

Caute_cautim

Caute_cautim
Community Champion

@mgorman Well, ZTNA is a myth; it is a construct invented by Gartner, and it only illustrates one use case, protecting remote workers - there are currently about 43 use cases available.

 

The term ZTNA was never part of the original Zero Trust principles.

 

Rather like another well-known vendor stating they have Trusted Access: if you cannot trust anyone or anything, how can you have trusted access?

 

Regards

 

Caute_Cautim

mgorman
Contributor II

I do not disagree; as I said, Zero Trust has become the latest buzzword to justify budgets and market products. It has also expanded the definitions over time. While I agree with you 100% that a gateway model is not Zero Trust, as you are then trusting the gateway, it has become commonly accepted, and is even noted in NIST work. At the same time, we can say that ZTNA isn't real Zero Trust; that is an argument at almost any implementation level, because it is not a standard, it is not a given model, it is a set of principles and a goal. Like any other security layer, partially implementing Zero Trust principles may have beneficial effects, if done properly. As privacy regulation helped a lot of organizations clean up their data stores, perhaps Zero Trust will lead to better segmentation and permission management, at least for a while.

Caute_cautim
Community Champion

@mgorman   Thank you for your comments and wise words.

 

An interesting article popped up from CSOonline, which spells out some of those myths and misconceptions, and is shown below:

 

https://www.csoonline.com/article/3634395/6-zero-trust-myths-and-misconceptions.html#tk.rss_all

 

Regards

 

Caute_Cautim

mgorman
Contributor II

I think the best one is that this means you don't trust your employees. I have had this conversation several times recently about other controls. I trust our employees, generally; I don't trust whoever SAYS they are our employee until they PROVE they are our employee. Once you get there in your head, Zero Trust becomes easy; you just have to ask that question over and over, and over. Who is this, and how do I KNOW that?