Wisdom can come from unusual sources, even the lyrics of classic rock bands from my youth. The band Pink Floyd, in their song “Dogs” from the 1977 album “Animals,” noted, “You have to be trusted by the people that you lie to so that when they turn their backs on you, you’ll get the chance to put the knife in.”
This lyric reminds us of something important about trust: it creates vulnerability. We let our guard down at our peril. This simple truth is the foundation of a network security philosophy known as Zero Trust.
Assume the Worst
Despite the name, Zero Trust doesn’t mean nothing is trusted under any circumstances. It means trust is never granted implicitly and never extends further than a particular user or device needs to accomplish its function. It is a suspicious posture, assuming all networks are untrustworthy, potentially even hostile, including those running on company infrastructure inside branch offices.
It requires users and devices to be explicitly authenticated, where possible using multi-factor authentication. And it dynamically assesses “trustworthiness,” so user actions that might be permissible from a company-managed laptop plugged into a company-managed Ethernet switch might be disallowed when attempted from an unmanaged device over a public Wi-Fi network at a coffee shop or airport.
By assuming the worst, Zero Trust architecture minimizes the risk of compromise and limits the potential harm a compromise might cause.
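The dynamic assessment described above can be sketched as a default-deny policy check. This is an added example, not code from GTT or any product; the role names, action names, signal names and thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Hypothetical least-privilege policy: each role is granted only the actions it
# needs, and each action demands a minimum level of context assurance.
ROLE_ACTIONS = {"finance": {"read_ledger", "approve_payment"}, "helpdesk": {"read_ticket"}}
MIN_ASSURANCE = {"read_ticket": 1, "read_ledger": 2, "approve_payment": 3}

@dataclass(frozen=True)
class Request:
    user_authenticated: bool   # explicit authentication succeeded
    mfa_passed: bool           # second factor verified
    device_managed: bool       # company-managed device
    network: str               # "corporate" or "public"; neither is trusted implicitly
    role: str
    action: str

def assurance(req: Request) -> int:
    """Score context signals; network location alone never grants access."""
    score = 0
    score += 1 if req.mfa_passed else 0
    score += 1 if req.device_managed else 0
    score += 1 if req.network == "corporate" else 0
    return score

def decide(req: Request) -> tuple[bool, str]:
    """Default deny: every check must pass explicitly."""
    if not req.user_authenticated:
        return False, "not authenticated"
    if req.action not in ROLE_ACTIONS.get(req.role, set()):
        return False, "action not granted to role"
    needed = MIN_ASSURANCE.get(req.action)
    if needed is None:
        return False, "unknown action"
    have = assurance(req)
    if have < needed:
        return False, f"assurance {have} below required {needed}"
    return True, "allowed"

# Constructed sample requests: same user and action, different context.
OFFICE = Request(True, True, True, "corporate", "finance", "approve_payment")
CAFE = Request(True, True, False, "public", "finance", "approve_payment")
LAN_ONLY = Request(False, False, True, "corporate", "finance", "read_ledger")

if __name__ == "__main__":
    for name, req in [("office", OFFICE), ("cafe", CAFE), ("lan_only", LAN_ONLY)]:
        print(name, decide(req))
```

The same user is allowed to approve a payment from the managed office setup and refused from the coffee shop, while a managed device on the corporate LAN gets nothing without authentication.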
Zero Trust and SASE
The fact that Zero Trust is an essential ingredient in the Secure Access Service Edge (SASE) framework should come as no surprise. SASE is tailored to the modern enterprise, where more users may be remote than in offices and more applications and data may be in the cloud than in the data center.
SASE provides security in a world where the Internet is the WAN and traditional notions of security perimeters are obsolete. It is a world in which the suspicions of Zero Trust are manifestly justified. SASE without Zero Trust would be a recipe for disaster. Trust me.
About GTT
GTT connects people across organizations, around the world, and to every application in the cloud. Our clients benefit from an outstanding service experience built on our core values of simplicity, speed, and agility. GTT owns and operates a global Tier 1 internet network and provides a comprehensive suite of cloud networking services. We also offer a complementary portfolio of managed services, including managed SD-WAN from leading technology vendors.