Quick Read

In January 2022, the Executive Office of the President: Office of Management and Budget released a memorandum for executive departments and agencies. This memo is aligned with the executive order detailing the U.S. government’s shift to a Zero Trust enterprise. As President Biden stated in EO 14028, “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments to defend the vital institutions that underpin the American way of life.”

The Zero Trust security model requires a revolutionary shift from traditional authentication methods that have been in use for decades. While the DoD has mandated migration to zero-trust networks, most organizations are still unclear on how to get started. This briefing outlines why the road to zero trust networks logically starts with the ZKX MFA authentication engine.

The term cybersecurity expert is overplayed. There is no official or legal definition, and between companies, the meaning of “cybersecurity expert” can vary greatly. When we talk about cyber, we need to understand our audience and trust the “experts” we rely on for information. As we talk to others, what attributes do we use to signal that we are cybersecurity experts? As we interview people for job openings, how do we qualify and differentiate between all of the candidates calling themselves “experts”?

DISA’s 163-page document on the Zero Trust Reference Architecture presents seven pillars of a zero trust environment. These include the user, device, network, applications, data, visibility, and orchestration. Each of these pillars deserves a deep analysis, but in this short post we argue why the first two — user and device — are most critical.

Zero Knowledge and Zero Trust: they’re basically the same, right? Not quite. While these two terms might be similar in name, they are in fact two completely different ideas. Zero Knowledge can be used to help complete the notion of Zero Trust, but it cannot work in the opposite direction. Zero Knowledge is a mathematical distinction, whereas Zero Trust is a philosophical one.