I’m going to start this post by saying there is zero trust and then there is zero trust. What are the distinguishing factors? One is a technology concept aligned with least privileged access to connect users only to specific applications, the other is a collection of words that has marketing departments in every network company, that ever built a VPN, salivating at the opportunity to repackage decades-old technology under a new banner.
The zero trust term is being slapped across classic VPNs, 802.1x, captive portals and any other number of technologies. While they provide authentication to end-users, and can apply a set of access controls, they are still fundamentally built around users accessing networks.
Microsoft has summed up the core principles of Zero Trust perfectly, which essentially boils down to explicitly verifying every request, using the least privileged access possible, and always assuming that a breach could have occurred. (Source: Microsoft)
However, rather than debate the nitty-gritty of network access controls, I wanted to instead focus on a more extreme view of what good looks like in the zero-trust world. We’ll call it zero trust with extreme prejudice….or ZTEP for short (and yes that is tongue in cheek).
We make it no secret that we have a very strong relationship with Zscaler, and this really comes down to one factor. They are a market-leading security company, not a marketing company. Their acquisition game has also been absolutely on point, and rather than trying to swallow elephants, they have picked up niche technology companies that align with their zero-trust vision.
Ultimately, we end up with an application-aware, policy-based and least privileged access approach to traffic between our users and their applications, applications and other applications, and between our various cloud environments.
That sounds like a pretty damn good start to me. The piece I really love is how Zscaler Deception is being built into other offerings. Just when you thought you were in the circle of trust, we’re going to tempt you and test you…. sounds like something from Meet the Fockers.
That pretty much sums up the “extreme prejudice” piece for me.