Last Updated on August 2, 2021
If you haven’t heard about Zero Trust yet, you’ve been hiding under an impressively large rock. From President Biden on down, Zero Trust is being hailed as the silver bullet that could send hackers packing once and for all.
Why is Zero Trust now at the forefront of cybersecurity? After all, it’s been “out there” for over ten years. Why didn’t we wake up to its potential sooner?
To share everything you need to know about Zero Trust, a recent episode of The Virtual CISO Podcast features John Kindervag, Senior Vice President of Cybersecurity Strategy at ON2IT Cybersecurity, and the person who originated Zero Trust over ten years ago. John Verry, Pivot Point Security CISO and Managing Partner, hosts the show.
“Change is hard. It took ten years to get the momentum because Sisyphus is pushing the rock,” John quips. “The rock is heavy. It’s only me, right? But eventually there were more and more people coming to help me push the rock.”
It’s also been hard to get early adopters to publicly acknowledge that they’d adopted Zero Trust, because it offered such a huge advantage against attackers. Case studies have been hard to come by, despite the overwhelming success of the Zero Trust approach.
“But there were all these people doing it on the back end, and especially in the government,” shares John. “I was told by a government official a number of years ago that they had deployed it in one particular area. And they were really amazed by how well it was working. And he said, ‘We’ve determined that this Zero Trust model is our best chance of maintaining our network in the event of a sustained nation state attack.’”
The OPM data breach
“The first time you saw that really hinted out was after the OPM data breach. US Congress, the Oversight and Government Reform Committee of the US House of Representatives, issued the OPM data breach report, where they said that all government agencies to adopt a zero trust model,” says John. “Then the chairman of that committee came out and wrote a bylined article and said, ‘Zero trust would have profoundly limited the attacker’s ability to access such sensitive resources.’”
“So, it’s been known for a long time that this is effective,” John continues. “But if you’re somebody who has to do it, you’re like, ‘I don’t like change.’ No one likes change. So, it took a while for the incentives to happen. And now the biggest incentive, the President of the United States issuing an executive order, has come through. And suddenly all the people who were telling me that I was completely insane, and Zero Trust will never take off, have big Zero Trust messaging, and practices, and all that kind of stuff. So, it’s humbling. It’s gratifying.”
This podcast with Zero Trust mastermind John Kindervag is the perfect overview and introduction to Zero Trust concepts and implementation—don’t miss it!