Understanding zero-trust design philosophy and principles

2024-01-09 05:30

In this Help Net Security interview, Phil Vachon, Head of Infrastructure in the Office of the CTO at Bloomberg, discusses the varying definitions of zero trust among security professionals and companies, emphasizing its broad design philosophy.

Why does the definition of zero trust vary so significantly among security professionals and companies? How do these variations impact companies' approach toward implementing zero trust?

Zero trust is a broad design philosophy, distilled from Saltzer and Schroeder's seminal 1973 paper, "The Protection of Information in Computer Systems." It described ten design principles that must be considered when designing and building systems intended to be secure.

Zero trust is a design philosophy that applies to every facet of an enterprise's IT estate - from the laptops and desktops that employees use to do their jobs, right through to the servers or public cloud infrastructure used to deliver services to customers.

Because of vendors crowding into the space and using zero trust as a marketing buzzword - and the wide design space in general - implementations and products muddied the waters about what zero trust is all about.

Finally, zero trust in an enterprise is the adoption of a design philosophy and architectural concepts - not as a particular goal as a part of a project or existing initiative.

News URL

https://www.helpnetsecurity.com/2024/01/09/phil-vachon-bloomberg-zero-trust-design-philosophy/

#zerotrust