It seems no security conference or conversation is complete without a discussion of zero trust. But not long ago, “trust” was only a human emotion and did not exist in the digital world. The zero-trust model and zero-trust architecture are not new concepts; they were devised in the last decade. The terms have grown in popularity since the pandemic struck in 2020, and they are now more relevant than ever, especially as we find ourselves living in a time in which there is no network perimeter.
In an exclusive interview with Brian Pereira, Editor-in-Chief, CISO Mag, John Kindervag, Senior Vice President Cybersecurity Strategy and ON2IT Global Fellow, explains the genesis of the zero-trust model and what he wanted it to be when he came up with the term in 2008.
Kindervag said there were two worlds back then. The internal network was safe, trusted, and secure. It had the highest level of trust. The external network had the lowest level of trust. He opposed the idea that the network needed to have a crunchy, hardened layer on the outside, and a soft, chewy inside. For a long time, security professionals assumed that malicious individuals wouldn’t get past the “hard, crunchy outside,” as he writes in his paper. He suggested that there should be a lot of crunchy, and a little bit of softness on the inside, which is the data that needs to be protected. In his words, “Zero trust needs to be like a chocolate chip cookie.”
The paper suggested that the way to confront new threats was to eliminate the soft, chewy center and make security ubiquitous throughout the network, not just the perimeter. So, the zero-trust model was created to help security professionals do this effectively.
The zero-trust definition is more widespread today, with zero-trust architecture extending well beyond the corporate perimeter to the cloud and remote access platforms.
Kindervag joined ON2IT in March of 2021 as Senior Vice President Cybersecurity Strategy and ON2IT Global Fellow. He spent the previous four years at Palo Alto Networks as Field CTO. Before Palo Alto Networks, John spent eight and one-half years at Forrester Research as a Vice President and Principal Analyst on the Security and Risk Team. John is considered one of the world’s foremost cybersecurity experts.
About the Interviewer
Brian Pereira is the Editor-in-Chief of CISO MAG. He has been writing on business technology concepts for the past 27 years and has achieved foundational certifications in cloud computing (IBM) and cybersecurity (EC-Council).