Weekly Briefing: 10/7/24
14 Years of Zero Trust: A Retrospective on Security’s Biggest Mindset Shift
John Kindervag, Chief Evangelist at Illumio | October 7, 2024 | 7 min. read
I started my career installing firewalls in the 1980s. Even then, I questioned the absolute trust we were putting in our networks. Why did we have strong security at the network perimeter but nowhere else?
Cybercrime wasn’t ubiquitous then like it is now. But if there was any kind of intrusion of the network perimeter, I could already predict that an attacker’s free range inside the network would be catastrophic.
I thought about it this way. If someone you didn’t know was in your house getting a beer out of your fridge, you wouldn’t start making up the guest bedroom so they could get comfortable and stay the night. You’d do anything to keep them from getting further inside!
But that’s exactly what we were doing in our networks under the traditional trust model. The minute someone accessed the trusted internal network, they had access to everything there. We needed a way to have security everywhere, not just at the network perimeter.
And so when I released the first report on in September 2010, I hoped to start a conversation about the blind trust we were putting in our networks — and how downright dangerous it was. I designed the Zero Trust model to stop the spread of breaches and prevent cyberattacks from being successful by getting rid of trust from our digital systems.
Like many big ideas, it didn’t catch fire early on. The cybersecurity industry was skeptical, to say the least, and the model’s uptake was slow. There was a lot of outdated thinking that needed to get up to speed with the new threat landscape of the early 2010s.
But there were a few two turning points.
The 2015 breach of the U.S. Office of Personnel Management (OPM)
This is one of the largest breaches of government data in U.S. history. The Chinese government stole 22 million classified records, including security clearance information, personal details, and fingerprints. As FBI director James Comey said at the time, it revealed data on “everybody who has worked for, tried to work for, or works for the United States government.”
The resulting breach report recommended a Zero Trust security model for all U.S. federal agencies. OPM had relied on security at its network perimeter. When attackers breached the perimeter, they easily moved through the rest of the network until they reached the OPM's “crown jewel” data.
Recommended by LinkedIn
Executive Order (EO) 14028 in 2021
The Biden Administration’s Executive Order on Improving the Nation's Cybersecurity came in response to the 2020 SolarWinds attacks. The report states that “The Federal Government must adopt security best practices [and] advance toward Zero Trust Architecture.”
Introducing The Hub
Over a decade after my first report on Zero Trust, the concept has finally reached the mainstream. Private organizations are leading Zero Trust programs, and the strategy is being implemented at the highest levels of government worldwide. There's broader acceptance that breaches will happen and that a Zero Trust strategy will make networks resilient against them.
That’s why we’re launching The Hub. It’s a place for you to get Zero Trust trends, insights, and resources all in one place so that you can make the right security decisions for your organization.
Each week, The Hub will feature:
As Zero Trust and microsegmentation continue to evolve, one thing is clear: this is just the beginning. So let's keep the dialogue going.
Head to The Zero Trust Hub: hub.illumio.com
Sr. Global Events Management & Strategy Specialist at Illumio
2moDone!! So exciting.
PR, Marketing, Comms, Digital & Events
2moOut of the blocks! Amazing to see.
Director, Brand and Creative | Illumio
2moSubscribed asap. 👏
Exciting stuff!
Corporate Communications Leader | Communications Strategy & Planning | Public Relations | Social Media | Content & Thought Leadership | Internal Communications | Leading with Empathy
2moLove this so much!