A lot of the companies I work for are startups where remote working is the norm and some don’t even have any physical office or ‘network’. Zero trust is the norm. To me there’s no such thing as a trusted network. All communication paths should be encrypted, all app access should be authenticated, all endpoints should be validated.
It’s completely different when I’m consulting with corporate clients where VPNs, flat intranets and unencrypted connections abound. Given the inertia of thousands of endpoints on a network I found this an interesting snippet…:
[…] In 2016 Gartner predicted that by 2020, ⅓ of all threats would enter organizations via shadow IT resources. It’s a bit early to see if their prediction is totally on the mark, but either way, it’s pretty close to that. One of the ways to combat the rising risk is with a Zero Trust approach that according to InformationWeek.com “does not allow a user to access the network until all security criteria, predefined by IT and business management, have been met….Digital identity and access permissions are strictly enforced.”