Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Could it be that one of the most common credos taught to security professionals is actually leading them astray?
Every practitioner has heard it before: Trust that employees are doing the right thing, but verify that data is protected. Proponents of a new security model, however, argue that while the phrase “trust, but verify” sounds good in theory, the reality is that most security practitioners have been doing the opposite – trusting users by default, but never verifying that data is protected.
“Whoever said, ‘This needs to become a mantra,' missed the mark,” says John Kindervag, a senior analyst at Forrester Research. “It incentivices people to not know what's going on. There is no reason to have any trust in the network.” Kindervag is the driving force behind a new model called “zero-trust” that is gaining support with the security community.
Registered users may log in here.
Login or Register now and get unlimited access.