In 2020 the world was rocked with multiple events that had never been seen before. One of these was the largest cyber security breach of the twenty-first century, SolarWinds. This breach created a snowball effect of supply chain problems that impacted thousands of organizations.
Since 1999 the Common Access Card (CAC) has been the norm for service members. The CAC has been the standard for so long that the industry has now created technology that far surpasses the CAC. The industry is moving from a net-centric to a data-centric approach. This shift is part of the call to “Kill the CAC.”
In January 2022, the Executive Office of the President: Office of Management and Budget released a memorandum for executive departments and agencies. This memo is aligned with the executive order detailing the U.S. government’s shift to a Zero Trust enterprise. As President Biden stated in EO 14028, “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments to defend the vital institutions that underpin the American way of life.”
The Zero Trust security model requires a revolutionary shift from traditional authentication methods that have been in use for decades. While the DoD has mandated migration to zero-trust networks, most organizations are still unclear on how to get started. This briefing outlines why the road to zero trust networks logically starts with the ZKX MFA authentication engine.
The term cybersecurity expert is overplayed. There is no official or legal definition, and between companies, the meaning of “cybersecurity expert” can vary greatly. When we talk about cyber, we need to understand our audience and trust the “experts” we rely on for information. As we talk to others, what attributes do we use to signal that we are cybersecurity experts? As we interview people for job openings, how do we qualify and differentiate between all of the candidates calling themselves “experts”?
DISA’s 163-page document on the Zero Trust Reference Architecture presents seven pillars of a zero trust environment. These include the user, device, network, applications, data, visibility, and orchestration. Each of these pillars deserves a deep analysis, but in this short post we argue why the first two — user and device — are most critical.
Zero Knowledge and Zero Trust: they’re basically the same, right? Not quite. While these two terms might be similar in name, they are in fact two completely different ideas. Zero Knowledge can be used to help complete the notion of Zero Trust, but it cannot work in the opposite direction. Zero Knowledge is a mathematical distinction, whereas Zero Trust is a philosophical one.