The term Zero Trust was coined by then-Forrester analyst, John Kindervag in 2009, who posited that trust was a vulnerability and security should follow a strategy of “Never trust, always verify.”
Today, trust is assumed throughout a typical organization’s infrastructure. Notably:
- After a single authentication, users, devices, services, and workloads are trusted to be legitimate and are granted access to a broad range of resources.
- The ubiquitous use of denylists in security tools inherently trusts that all activity is legitimate unless known to be malicious.
This is a problem.
The Trouble with Trust
Breaches of the corporate perimeter are inevitable, and blacklist-centric security tools can only detect a fraction of the threats faced by today’s organizations. This is precisely why John Kindervag stated that trust is a vulnerability.
When an organization implicitly trusts that a user, device, application, workload, or connection is legitimate, unless proven otherwise, it opens itself (Read more...)