In the cybersecurity world, Zero Trust has been the talk of the town in recent years.
Most organizations now understand that the traditional ‘perimeter defense’ approach to cybersecurity is no longer sufficient, and that policing activity inside their networks is an important next step.
However, there are very few good definitions of what the ‘trust’ in Zero Trust actually refers to. Many people understandably assume it refers purely to user access and authorization—and while that is certainly an important component of trust, it’s far from the full story.
What Exactly is Trust?
Trust in IT is the assumption that a user, device, application, or service (a.k.a. a “subject”) is:
- Who or what it claims to be
- Allowed access to the resource it is requesting
- Configured and behaving in an expected way
- Free from compromise
- Allowed to take the actions it is currently taking
This is a significant list of