thumb

Simplify Security: Split Identity and Authorisation with Zero Trust


Zero Trust. The key principle is, we split identity and authorisation apart. We move from a perimeter-based trust (e.g. VPN + firewall) to a user + asset-based model.

The benefits might seem subtle, but they are transformative. We can now independently choose who we trust, what applications they can use, and what role they can have within those applications. This simple change is truly transformative. Now we can evaluate each thing in isolation. A new user? What can they do. A new app? Who can use it. We don’t need to re-evaluate all applications for each new one we launch. We don’t have a single choke-point VPN/Firewall with complicated segmentation rules. Instead we use cryptographic headers.

One of the guiding principles of the Internet is the end-to-end principle. The end points are smart, the middle has one job: forwarding. This has proven to scale very well, going from a few academics on a few sites to billions of people using many different applications, content, etc. From 1 country to all countries. Zero trust brings the same thing to the corporate world, removing the stateful middle box of the VPN, bringing end-to-end. High scale, high security. High simplicity.