I feel like when ‘Zero Trust’ first became a thing, the theme was ‘you should have every endpoint under your control hardened so it need not fear untrusted peers being able to connect’. E.g. if you think you absolutely need VPN to a ‘private network’ for security, then you are failing to be hardened in a ‘zero trust’ way, because you implicitly fear that your systems would fall to untrusted peers.
I feel like it’s evolved to ‘don’t let anything be able to connect to anything under your control unless you have admin privilege over it as well’. Which is particularly a nightmare when you try to collaborate between two companies, each balking at the other’s hard requirement to have admin access to all network peers of interest.
Corporations really, really love being admin on everybody else's devices. See kernel level anticheat.
I feel like people have gotten zero trust (I don’t need to trust anybody) confused with “I don’t trust anybody”.
I was listening to a podcast by packet pushers and they were like “So you meet a vendor, and they are like, ‘So what do you think zero trust means? We can work with that’”.