Interesting article indeed. While I don't disagree with much of what's been put forward here, there is this pervasive omission of one key element in almost every article I read about ZT. With all the focus on the security aspects, there remains a near total absence of discussion about deploying workloads in a manner that's consistent with the L7 controls required to instrument a proper ZT environment.
To me, this is all just talk until the echo chamber directly engages the SRE teams and begin to migrate their DAAS elements into an architecture that supports the ZT model, in partnership with the secops teams that will operate within that environment. This has to be a team sport.
------------------------------
Jonathan Flack Managing Director, ACM, CNCF, CSA
------------------------------
Original Message:
Sent: Nov 14, 2022 11:21:44 AM
From: Erik Johnson
Subject: Interesting Article: Zero-trust has changed cybersecurity forever
Concise and to the point. A quick but worthwhile read:
https://www.scmagazine.com/perspective/zero-trust/zero-trust-has-changed-cybersecurity-forever
------------------------------
Erik Johnson CCSK, CCSP, CISSP, PMP
Senior Research Analyst
Cloud Security Alliance
Leesburg VA
------------------------------