Zero trust: The good, the bad and the ugly

We saw a lot of “Cloud Washing” when timeshare morphed via ASP to Cloud. I’ve seen disk drives marketed as “My Cloud” which kind of misses the point…:

[…] The bad side of zero trust concerns the misunderstandings that are currently being propagated. “Among the misconceptions Kindervag is eager to dispel is that zero trust makes a system ‘trusted,’ and that it is just about identity and multi-factor authentication (MFA),” mentioned Zorz. “Zero trust eliminates trust from digital systems, because trust is a vulnerability that can be exploited.”

If Zero Trust was equal to MFA (as many vendors claim), then neither the Snowden nor Manning breaches would have been able to happen,” explained Kindervag. “They had very robust MFA and identity solutions, but no one looked at their packets post-authentication.”

Something else that Kindervag finds disconcerting is that vendors are redefining the meaning of zero trust so that it coincides with what their products are capable of doing. According to Kindervag, there are no “zero trust products.” He told Zorz, “There are products that work well in zero trust environments, but if a vendor comes in to sell you their ‘zero trust’ product, that’s a pretty good indication that they don’t understand the concept.”


Original article