Zero Trust (Ducks and Bunnies Edition)

Storytime. Back in the early 2000s, I was a bright-eyed product manager presenting to an executive team about a new product launch. I was both clueless and excited, so when I was done spouting on about the then-fascinating world of “managed Internet connectivity” (not kidding), one of the executives said, “you need to give us the ‘ducks and bunnies’ version of this.”

I still think of this whenever I’m about to jump down a rabbit hole on something.

Fast-forward a decade to 2010. Forrester Research analyst John Kindervag introduced the concept of a Zero Trust Architecture to us businessy security people.

Before I jump down the rabbit holes I mentioned yesterday, here’s the ducks and bunnies version of Zero Trust in case it’s helpful.

Our people and our data are everywhere. At the office. In the cloud. At the airport. At home. All over. So that moat we built around our office with expensive firewalls doesn’t really keep everyone and everything safe in all those places. And actually, it doesn’t really keep people and stuff at the office all that safe either, because it’s just a matter of time before something inside our moat gets hacked.

So we’ll keep the moat. (Firewall sales rep exhales.) But we’re gonna assume everyone, everything, and every action inside or outside the moat is bad and block it. From there, we’ll veeeeery surgically allow veeeeery specific things to happen, so we can, you know, run our business.

Makes a lot of sense, right? True!

Sounds pretty simple, right? Tr….well, we’re still trying to figure out exactly how to do it 12 years later.

But us sales and marketing people love a great story, so we’ve been running with it. In about a million different directions.

Meanwhile, Mr. Kindervag left Forrester, and Dr. Cunningham took over. Then Dr. Cunningham left, and Mr. Holmes took over.

And our hero (clinks beer glasses with Donald Miller), the security buyer, is still sitting there with no plan.

-Doug