Last Updated on August 6, 2021
Thanks to President Biden’s recent Executive Order on Improving the Nation’s Cybersecurity, Zero Trust is one of the hottest buzzwords in our industry. But Zero Trust isn’t just the latest technology fad—it’s a different way of looking at security from the ground up. And it’s been proving itself in organizations of all sizes and sectors for over a decade.
When properly implemented, the Zero Trust approach yields a highly robust security posture that inherently thwarts many attacks. But what is the impact of Zero Trust on operational efficiency and effectiveness? Does it put onerous roadblocks between users and data? Does it come with tons of new admin overhead? How is the business likely to be impacted?
To give our audience the richest and most informative introduction to Zero Trust, a recent episode of The Virtual CISO Podcast features the person who conceived the Zero Trust model: John Kindervag, currently Senior Vice President of Cybersecurity Strategy at ON2IT Cybersecurity. The show’s host is John Verry, Pivot Point Security CISO and Managing Partner.
Zero Trust is transparent to users
“We do [Zero Trust] incrementally, first of all, so that we can’t screw up everything all at once,” John jokes. “But generally, it’s transparent to the user. So, a user won’t know they’re on a Zero Trust environment.”
“If somebody can’t get access to data, it’s one of two things. One is they don’t need access to it. Maybe they used to have access to it. But then somebody has to say, ‘Do they need to have access to do their job?’ Or second, yeah, there was just something that didn’t go right. So now we’re immediately going to give you access to it. Those are the only two outcomes. So it doesn’t impact people in a negative way.”
Limiting access to data
John uses himself as an example of how Zero Trust is meant to work: “I know you do a lot of work in the government, and I do, too. Over the years, so many people said, ‘We’ll sponsor you for your clearances. No, I don’t want a clearance. Well, everybody wants clearance. I don’t want a clearance. Why not?’”
“Look, I don’t need to have access to any of your data to do my job for you, which is this high-level architectural design,” John continues. “If we’re doing this real Zero Trust thing, then you should ask, ‘Does John need to have access to the data?’ And the answer is no; then we won’t give him a clearance. … We give too much access to too much data to too many people for no reason except that’s the way we’ve always done it.”
If you’re thinking about implementing Zero Trust in your organization, make sure you catch this highly informative podcast with John Kindervag, creator of Zero Trust.