Refocusing the Zero Trust Conversation

Zero Trust is doomed to forever be a moving target that organizations will only be able to sufficiently achieve with heightened awareness, agility, and, perhaps most importantly, an operating culture that is human-centered, progress-oriented, and not totally insufferable. These are things that cannot simply be purchased from the free market, despite what you might read on industry websites. These solutions literally must be architected, hence the A in ZTA.

Killing the CAC

Since 1999 the Common Access Card (CAC) has been the norm for service members. The CAC has been the standard for so long that the industry has now created technology that far surpasses the CAC. The industry is moving from a net-centric to a data-centric approach. This shift is part of the call to “Kill the CAC.”

Federal Zero Trust Strategy

In January 2022, the Executive Office of the President: Office of Management and Budget released a memorandum for executive departments and agencies. This memo is aligned with the executive order detailing the U.S. government’s shift to a Zero Trust enterprise. As President Biden stated in EO 14028, “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments to defend the vital institutions that underpin the American way of life.”

Road to Zero Trust Authentication

Why the road to Zero Trust Authentication goes through ZKX

The Zero Trust security model requires a revolutionary shift from traditional authentication methods that have been in use for decades. While the DoD has mandated migration to zero-trust networks, most organizations are still unclear on how to get started. This briefing outlines why the road to zero trust networks logically starts with the ZKX MFA authentication engine.

What is a Cybersecurity Expert?

The term cybersecurity expert is overplayed. There is no official or legal definition, and between companies, the meaning of “cybersecurity expert” can vary greatly. When we talk about cyber, we need to understand our audience and trust the “experts” we rely on for information. As we talk to others, what attributes do we use to signal that we are cybersecurity experts? As we interview people for job openings, how do we qualify and differentiate between all of the candidates calling themselves “experts”?

The user and the device: the two most critical pillars of a Zero Trust Architecture

DISA’s 163-page document on the Zero Trust Reference Architecture presents seven pillars of a zero trust environment. These include the user, device, network, applications, data, visibility, and orchestration. Each of these pillars deserves a deep analysis, but in this short post we argue why the first two — user and device — are most critical.

Zero Knowledge vs Zero Trust

Zero Knowledge and Zero Trust: they’re basically the same, right? Not quite. While these two terms might be similar in name, they are in fact two completely different ideas. Zero Knowledge can be used to help complete the notion of Zero Trust, but it cannot work in the opposite direction. Zero Knowledge is a mathematical distinction, whereas Zero Trust is a philosophical one.