With the X-Files soon making a return to the small screen (!!!), I have been thinking a lot lately about the concept of trust. Specifically as it relates to security, and especially the concept of “Zero-Trust”. Many security front-runners have begun enacting a new security architecture called Zero-Trust Networking and it really took off when Google decided to implement it.
The underlying philosophy of Zero-Trust Networking is exactly as it sounds: Do Not Trust Anything. This means, don’t assume any security compliance from your perimeter, your firewalls, your devices and especially your users. But if you can’t trust your perimeter to protect you, what does securing your enterprise mean? It boils down to these points:
- There IS NO security perimeter (trusted zone) anymore
Any system or user that interacts with your data must be considered possibly malicious. The local corporate network is now considered as dangerous as the internet, and sensitive data is always at risk.
- Encrypt Everything Sensitive at All Times
Once you consider all transactions to be high-risk you realize that no transaction can occur in clear text. Just like banks keep money in a vault and move it around in armored trucks data should be under lock-and-key at all times.
- Apply Granular Authentication
General practice today is to authenticate before entering a ‘trust zone’ and then become a ‘trusted entity’ until you exit. If there is no trusted zone each transaction must be authenticated individually and continually.
What does this model mean for Agari?
Agari’s solution, combined with our focus on getting every customer to reject, provides an auditable authentication layer to data-transactions that are otherwise impossible to secure or monitor.
To translate that out of geek-speak:
If you have a Zero-Trust initiative and you want to accomplish bullets 2 and 3 above then we are the ONLY game in town.
A very common set of objections we get from most security professionals boil down to:
“Well that occurs in an untrusted zone so it’s not my problem.”
Well, under Zero-Trust there is no Trusted Zone so there can’t be an Untrusted Zone either. There’s simply data you own and how it is used. Consumers are absolutely using data you own, so if you’re moving to Zero-Trust their interactions, and the safety of those actions, are absolutely your concern.