My guest on this episode of the Inner Circle podcast is Corey Williams, Senior Director of Product Management at Centrify. The focus of our chat is next-gen access, and how the principle of zero trust security is a better approach for identity and access management.
I think we can all agree at this point that the perimeter is gone–at least what we traditionally considered to be the perimeter. The idea of an invisible wall at the edge of your network that separates “us” from “them” doesn’t fit with the reality today. The proliferation of mobile devices, IoT devices, and other technologies obliterated the “perimeter” so there is no “inside” and “outside”, really.
The threat landscape has shifted as well. Attack techniques continuously evolve, and the reality is that most attacks are “inside attacks” these days. Whether it’s a disgruntled employee, a naïve or lazy employee, or a malicious attacker using hacked or stolen credentials, the suspicious and malicious activity on your network is most likely coming from someone you “trust”.
In this episode of Inner Circle, Corey and I talk about why the philosophy of “Trust but verify” is no longer adequate. Companies need to approach security from the perspective of “Never trust, always verify.”
The zero trust security philosophy is at the heart of next-gen access. Rather than assigning a level of trust and providing access to resources and data and just assuming the individual will behave as expected, next-gen access authenticates access and validates activity every step of the way.