The double-edged sword of zero trust

In an era defined by relentless cyber threats and evolving attack vectors, traditional security models are proving increasingly inadequate to safeguard sensitive information. Unlike conventional systems that often rely on perimeter defenses, zero trust adopts a more discerning philosophy, treating every user, device, and transaction as untrusted by default. This model encourages the implementation of robust access controls, multi-factor authentication, encryption, and continuous monitoring.

In this Help Net Security round-up, we present segments from previously recorded videos in which cybersecurity experts emphasize the importance of zero trust in the context of cybersecurity, underscoring its crucial role in mitigating the risks posed by cyber threats and evolving attack vectors.

Complete videos

• John Grancarich, Executive VP of Product and Growth Strategy at HelpSystems, provides insight into how the biggest threat in cybersecurity today is not the next attack but rather the implicit trust organizations grant to access their critical resources.
• Kevin Peterson, Cybersecurity Strategist at Xalient, provides an overview of the early days of zero trust, illustrates where we are today, and offers tips for implementing zero trust for a secure hybrid working enterprise.
• Matthew Chiodi, Chief Trust Officer of Cerby, talks about the likely hole in your security strategy. This video zeroes in on one of the most important yet often missed areas of zero trust: unmanageable applications, which leading analysts say contribute to a third of all security breaches.
• Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies fail when applied to IoT.
• Michael Peters, Principal Software Engineer at Red Hat, discusses how to implement a zero-trust system that uses workload identity across a service mesh in Kubernetes to provide explicit authorization between services.
• John Kindervag, zero trust creator and Chief Evangelist at Illumio, discusses how organizations need modern security approaches that offer them real-time visibility and containment by default to mitigate risk and optimize opportunities afforded by the cloud.