Zero Trust

Many of the security counter measures being leveraged by businesses today simply address the past (trust then verify). These tools advise and protect when issues are detected, then the problems can be addressed. There is often a time lag from identification, addressing the issues, and resolving the actual issues. To understand the overall state of security in an organization there are a considerable number of tools required. For the most part, each of these tools have an application agent to be deployed. The result is often a "one of everything" approach.Zero Trust is a framework not a solution. Zero Trust is a part of an ongoing continuous process improvement plan, and should evolve with the times to deliver true security to an organization.The common thread is the ability to identify known vectors of end user satisfaction or organizational risk to address issues. The comment about "known" vectors is the key - security counter measures can only respond to what is known and understood at a particular moment in time. Risk is a very straightforward concept. Risk is either real or not. Closed Loop Lifecycle Planning© in its research called The Risk Cycle© concluded that risk does not have a "gray" area - something is either a risk or not. Our book has challenged the assumption that there is such a thing as "reasonable risk". The theory of reasonable risk is that businesses and organizations make a conscious decision that a risk is reasonable to take, and then accepts the exposure. Zero Trust would argue that the approach itself is not reasonable.