What are the biggest challenges posed by building Zero trust architecture?
They can't be two silos. They’re both part of the digital fabric. I look at digital twins and digital threads, and the threads are all woven into the same fabric. And every third thread across that fabric/framework has to be security. And then there's the privacy thread. So how am I going to mitigate it? It's very difficult, but I think it's a design-for-security mantra that we're all singing and have to get through.
The Zero Trust model has a couple of variations in my company. One is access: What level and what type of access do you have? And the other part is: What data is actually being shared or accessed within these systems? We had a bot that we used to limit access to specific protected health information (PHI data), but it became a problem. We envisioned setting a limited number of bots to perform certain operations, but now we have a list of tasks and each one creates a new bot. At the time we felt it was a good model because it was controlled and defined by policy. That's not the case anymore because there's a gap in how these permissions are being assigned to the bots and there are too many bots.
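The drift the commenter describes, bots multiplying per task and picking up permissions the policy never defined, is something you can audit mechanically. The following is an added example, not code from the commenter's organisation or from any product: it takes a constructed inventory of bot identities (as an IAM export might list them), compares each bot's granted scopes against a constructed per-task least-privilege policy, and flags excess scopes, bots with no governing policy, and tasks served by more bots than the policy allows. The task names, scope strings and bot ids are all assumptions made for the illustration.

```python
"""Audit bot (service-account) permissions against a per-task least-privilege policy.

Added illustration of the 'too many bots, gap in permission assignment' problem.
All task names, scopes and bot ids below are constructed for this example.
"""
from collections import defaultdict

# Constructed policy: for each approved task, the only scopes a bot doing it needs.
TASK_POLICY = {
    "claims-export": {"phi:read"},
    "appointment-reminder": {"phi:read", "sms:send"},
    "billing-reconcile": {"billing:read", "billing:write"},
}

# Constructed inventory of bot identities, e.g. as dumped from an IAM system.
BOT_INVENTORY = [
    {"id": "bot-001", "task": "claims-export", "scopes": {"phi:read"}},
    {"id": "bot-002", "task": "claims-export", "scopes": {"phi:read", "phi:write"}},
    {"id": "bot-003", "task": "appointment-reminder", "scopes": {"phi:read", "sms:send"}},
    {"id": "bot-004", "task": "appointment-reminder", "scopes": {"phi:read", "sms:send"}},
    {"id": "bot-005", "task": "billing-reconcile",
     "scopes": {"billing:read", "billing:write", "billing:admin"}},
    {"id": "bot-006", "task": "ad-hoc-report", "scopes": {"phi:read"}},
]


def audit_bots(inventory, policy, max_bots_per_task=1):
    """Return a list of (subject, finding, detail) tuples.

    Findings:
      excess-scope  bot holds scopes beyond what its task's policy allows
      no-policy     bot is tied to a task that has no defined policy at all
      bot-sprawl    a task is served by more bots than max_bots_per_task
    """
    findings = []
    bots_per_task = defaultdict(list)

    for bot in inventory:
        task = bot["task"]
        bots_per_task[task].append(bot["id"])
        allowed = policy.get(task)
        if allowed is None:
            # A bot created outside the policy process: nothing bounds its access.
            findings.append((bot["id"], "no-policy", sorted(bot["scopes"])))
            continue
        excess = bot["scopes"] - allowed
        if excess:
            findings.append((bot["id"], "excess-scope", sorted(excess)))

    for task, ids in bots_per_task.items():
        if len(ids) > max_bots_per_task:
            findings.append((task, "bot-sprawl", sorted(ids)))
    return findings


def phi_exposure(inventory):
    """The 'what data is being accessed' view: ids of every bot able to touch PHI."""
    return sorted(
        bot["id"] for bot in inventory
        if any(scope.startswith("phi:") for scope in bot["scopes"])
    )


if __name__ == "__main__":
    for subject, finding, detail in audit_bots(BOT_INVENTORY, TASK_POLICY):
        print(f"{finding:13} {subject:22} {detail}")
    print("PHI-capable bots:", phi_exposure(BOT_INVENTORY))
```

Running the audit as a scheduled job against the real IAM export, and treating any `no-policy` or `excess-scope` finding as a ticket rather than a log line, closes the gap between "defined by policy" and what is actually granted; the `bot-sprawl` count is the signal that the one-bot-per-task intent is no longer holding.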
In The Pentagon's Brain by Annie Jacobsen, the author's premise is that our struggle with Zero Trust stems from the original intent of the internet, which was trust between government agencies and colleges to share data. We've never walked away from that. Now, instead of that gap being based on a place of trust to share information, it's a place of trust to ensure usability. We place user experience over secure design, but those two have to coordinate. They have to intersect now; it can't be one versus the other.