Zero trust security: Difference between revisions
Zero trust security is a design principle, a way of thinking about access between systems, and a way to architect things when they all need to interact. Roughly: trust nothing until there is a specific reason to.
Consider how companies historically often end up trusting certain central parts (LDAP, RADIUS servers) blindly ("well you have to do something"),
and/or consider all devices within a company perimeter (physical or VPN) trustworthy to some degree ("well we put bring-your-own-device stuff on their own network, and it's internal anyway").
There are also cases where you say 'decentralized' and 'IoT',
which somehow seem much easier to mess up security-wise than localized networks.

What they share is that when security is easily made an afterthought,
it becomes a mess of "but can't you make it work?", continuous concessions and shifting goalposts.
The larger the system, the more impossible this becomes to oversee.
Zero trust takes a harder stance, by saying to never implicitly trust ''any'' device, unless you have a specific good reason to do so, based on verification (preferably verification in both directions).

Zero trust also makes the implications of decisions in larger systems more digestible.
That said, exactly how this idea works out still depends on the implementation,
because depending on the details, it may get in your way too much,
and there is no security system circumvented faster than one that makes it impossible to do your work.
Zero trust is easily compared to the principle of [[least privilege]], just a slightly different take on practice.

[[Least privilege]][https://en.wikipedia.org/wiki/Principle_of_least_privilege] tells you each module of a system should only be able to access the information necessary for its legitimate purpose.
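To make the contrast above concrete, here is an added example (not part of this wiki page) of a tiny access-decision function written two ways: once the perimeter way, where anything on the "internal" network is trusted, and once the zero-trust way, where the network location is ignored and each request needs a verified user and a verified device, and is then also checked against that identity's least-privilege scope. The internal network range, the scope table, the user names and the request fields are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Set, Tuple

# Constructed example data (assumptions, not real infrastructure):
# the network the perimeter model calls "internal", and a least-privilege
# scope table saying which actions each verified identity may perform.
INTERNAL_NET = ip_network("10.0.0.0/8")
SCOPES: Dict[str, Set[str]] = {
    "alice": {"ledger:read"},
    "build-bot": {"artifacts:read", "artifacts:write"},
}


@dataclass
class Request:
    source_ip: str                     # where the request arrived from
    action: str                        # e.g. "ledger:read"
    user: Optional[str] = None         # identity claimed by the presented token
    user_verified: bool = False        # token signature and expiry were checked
    device_verified: bool = False      # client certificate / attestation was checked


def perimeter_decision(req: Request) -> bool:
    """Classic perimeter model: being on the internal network is the credential."""
    return ip_address(req.source_ip) in INTERNAL_NET


def zero_trust_decision(req: Request) -> bool:
    """Zero trust: location is irrelevant; verify the user and the device on
    every request, then allow only actions inside that identity's scope."""
    if not (req.user_verified and req.device_verified):
        return False
    allowed = SCOPES.get(req.user or "", set())
    return req.action in allowed


def compare(req: Request) -> Tuple[bool, bool]:
    """Return (perimeter verdict, zero-trust verdict) for one request."""
    return perimeter_decision(req), zero_trust_decision(req)


# Constructed scenarios that show where the two models disagree.
SCENARIOS = {
    # "It's internal anyway": no identity, no device check, internal address.
    "internal_unverified": Request("10.1.2.3", "ledger:read"),
    # Verified user and device connecting from outside (203.0.113.0/24 is a
    # documentation range); the perimeter model blocks this, zero trust allows it.
    "external_verified": Request("203.0.113.5", "ledger:read",
                                 user="alice", user_verified=True,
                                 device_verified=True),
    # Verified, internal, but asking for something outside its scope:
    # least privilege still denies it under zero trust.
    "internal_out_of_scope": Request("10.9.9.9", "ledger:read",
                                     user="build-bot", user_verified=True,
                                     device_verified=True),
    # One direction verified only: the device was never checked.
    "external_user_only": Request("203.0.113.6", "ledger:read",
                                  user="alice", user_verified=True),
}


def run_scenarios() -> Dict[str, Tuple[bool, bool]]:
    return {name: compare(req) for name, req in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (perimeter, zero_trust) in run_scenarios().items():
        print(f"{name:24s} perimeter={perimeter!s:5s} zero_trust={zero_trust}")
```

The point of the scenario table is the two disagreements: the perimeter model says yes to an unverified request purely because of its address, and says no to a fully verified one purely because of its address; the zero-trust function never looks at the address at all, and the scope table is what turns "verified" into "allowed to do this specific thing".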
Latest revision as of 00:51, 21 April 2024