The term “Zero Trust” is now a mainstream industry trend, for better or for worse.
The positive aspect of this is that - especially for those of us in the information security industry - there’s a name for this security philosophy, and a shift toward approaching security architectures and policy models from a holistic perspective, breaking down traditional silos and barriers.
Really “Zero Trust” is about zero inherent or implicit trust. Zero Trust is about carefully building a foundation of trust (based on sound cryptographic validation), and growing that trust to ultimately permit an appropriate level of access at the right time. It could perhaps have been called “earned trust” or “adaptive trust” or “zero implicit trust,” and these would have suited the movement better, but “Zero Trust” has more sizzle, and it stuck.
The term is now very broadly used - in fact, it is the core part of the May 2021 White House executive order issued by President Biden. So we need to embrace it.
However, for non-security people, I agree that the term can be off-putting or potentially insulting. I’ve seen enterprises deliberately term their Zero Trust initiatives as things such as “Modern Workplace Security”, or “Digital Transformation”. That’s fine - security leaders can and should adapt things to best suit the culture and context of their organizations.
(If you’re interested in more, see my book and website on this subject at https://zerotrustsecurity.guide/ )