“Traditionally, our network architectures are hinged on the idea of ‘trust everything inside and trust few-to-none outside the network,’” Momodou Jaiteh, senior application security consultant at nVisium, told Dice. “While this model has served us to some extent in the past, we are increasingly seeing more and more gaps that have led to a number of high-profile breaches. These gaps continue to widen as we embark on more open architectures—such as the cloud and microservices—where the boundaries are much more blurred.”
What zero trust does promise to do is reinforce the principles of least privilege and defense-in-depth, which can limit the number of breaches and also reduce lateral movement by attackers if they do manage to bypass the initial security tools and establish a presence within a network, Jaiteh said. Now, with the federal government embracing these techniques, the concept is only likely to expand.
“The Biden administration’s effort to advocate for—and prioritize—zero trust adoption in the federal government and the private sector at large is extremely significant. Although the private sector is starting to hone in on zero trust architectures, it is still in its infancy in terms of adoption rates,” Jaiteh noted. “The Biden administration has taken the necessary first step and I hope to see state and local governments follow suit, in addition to more private sector organizations taking a similar trajectory.”