Cyberweekly #190 - It's not zero trust, it's moving trust
cyberweekly.substack.com
Zero trust is the name we give to an architecture that places zero trust in the fact that requests are "coming from inside the network". But in fact, all we are doing is moving the trust. It used to be that most applications probably used a number of trust signals; they just didn't call them that. They only exposed the service on an internal LAN, and they might have had HTTP Basic Authentication with a known password. This assumes that attackers find it difficult to get onto the internal network, and cannot read the password from the internal documentation (also on the network).