Ulrich Parthier, Publisher of it security, spoke with John Kindervag, Chief Evangelist at Illumio and Founder of Zero Trust, about Zero Trust and its role in the face of current cyber threats.
How has Zero Trust developed from your point of view?
John Kindervag: Over the course of my professional life, I have held various positions such as network engineer, security engineer and security architect, and I was asked: What are the fundamental problems in IT? I answered: You define a trust level on every interface which turns into policies. The internal network is called trusted and has a trust level of one hundred, the external network is called untrusted and has a trust level of zero.
Therefore, you do not need a policy to move from a high trust level network to a low trust level network. All traffic can move from the inside to the outside without control. That’s stupid, because all interfaces must have the same trust level, and it’s supposed to be zero. This was the origin of Zero Trust in 2010. That is documented in two papers by me.
The origin story of Zero Trust

Zero Trust is a defining term in IT security today and often a marketing buzzword. There are different views on its origin. Also, not everything on Wikipedia is always correct. There it says that the term was first coined in April 1994 by Stephen Paul Marsh in his doctoral thesis on computer security at the University of Stirling. Then, in 2010, analyst John Kindervag used the term Zero Trust model in a paper for Forrester Research. With this, a paradigm shift was made from the strategy of “trust, but verify” to “never trust, always verify”. The model involved moving authentication and cybersecurity into the data path as well as segmentation between individual sessions. Although it remains rooted in the paradigm of network access, it shifts the security perimeter into the network. According to Kindervag, all accessible sources were scanned for his research paper at the time – but nothing was found on Zero Trust. However, Marsh had previously written about the trustworthiness of digital systems – the exact opposite of Zero Trust. The very aim of Zero Trust is to completely eliminate trust in digital systems, as trust is bad per se in IT and a weak point that needs to be avoided.
You refer to segmentation as the foundation of Zero Trust. How can micro-segmentation help to strengthen cyber resilience and ultimately minimize risks?
John Kindervag: Normal networks are easy to compromise. I always say that if you have a flat network that’s not segmented, you may pay the bills, but it’s owned by the attackers, because such a network offers hardly any obstacles or control points for lateral movement. This is why we need segmentation. It is the key component in a security architecture in order to protect assets. Understanding the Protect Surface – what needs to be protected and how – is fundamental to understanding Zero Trust.
Would you say that Zero Trust is the answer to modern cyber threats and the ever new attack vectors that are emerging for IT? And why are conventional security models no longer sufficient?
John Kindervag: If there is a successful attack on the IT infrastructure, then the cause is a faulty policy that did not prevent the attack. This means that we are not victims of a cyberattack, but of an incident that a policy allowed to happen. All bad things happen because we allow them to happen; in Zero Trust environments this does not happen. We can ignore such threats, because if policies do not allow them, they are simply obsolete.
Nowadays, a lot is happening in hybrid cloud environments. How is Zero Trust changing security strategies in cloud and on-premise infrastructures?
John Kindervag: Zero Trust doesn’t care where the Protect Surfaces are located. There may be small differences in the technical implementation, but conceptually the services are the same and are based on the same framework.
“Risk management doesn’t work in the cybersecurity environment. I don’t need a risk assessment with hundreds of pages of paperwork on potential sources of danger to know how to protect my IT environment. It’s better to spend the money on proactive protection measures like a Zero Trust architecture.”
John Kindervag, Chief Evangelist at Illumio
Zero Trust is not a finished product, but a combination of technologies, processes, training and, yes, ultimately products.
John Kindervag: Zero Trust is a strategy that uses products for implementation.
Currently, aspects such as IAM, micro-segmentation, multi-factor authentication and threat and anomaly detection are among the topics covered by Zero Trust. Moving on to the future of cyber security and the evolution of Zero Trust and its role in adapting to new threats and technologies, what is your scenario?
John Kindervag: Zero Trust is all about the mission, not products. The goal is to prevent data breaches and cyberattacks in general. The implementation model will not change, but the technologies and control mechanisms will change over time.
The goal is to minimise the bad consequences of security breaches. The implementation model might not change, but the technologies and control mechanisms will over time.
Mr. Kindervag, thank you for the interview!