Back in the day, people believed all sorts of things that would be viewed as odd and peculiar today. One such belief was the Ptolemaic, or geocentric, model of the solar system (animated gif above, right side – earth is blue). This model put the earth at the center, with the stars and planets rotating around it. However, with Copernicus, Newton and others, along with better telescopes and more detailed observations, a simpler and better explanation arose – the sun is the center of the solar system and planets like the earth orbit around it (animated gif above, left side, sun is yellow). Pretty big paradigm shift, going from the center of the universe to being on a fairly insignificant rock.
Similarly, the world of data center and enterprise security has gone through a paradigm shift of similar magnitude. The old way divided the universe into two parts, trusted and untrusted, separated by a firewall. Once inside you had free rein, but only certain things could get in and only certain things could get out.
Flash forward to a virtualized world where things are no longer so simple. What was once largely north/south is now largely east/west. Where it was once all about spinning rust in iron in the basement, it is now largely flash in the cloud. Hackers, who once targeted systems, are now increasingly going after individuals, particularly those with administrator or other high-power accounts.
Just as the worldview changed with regard to what was at the center of the solar system, the day of the crunchy outer shell paradigm for security has passed and now it is time for a new approach. At HyTrust, we call this intelligent workload security and we see security not as a shell containing the network but rather as a much more atomistic construct where each workload has its own security and policy.
We are not the only people to see things this way. Back in 2009, John Kindervag, at Forrester, developed the Zero Trust Model, where security is not just restricted to the crunchy shell but is ubiquitous throughout the network, permeating the formerly chewy middle. That original report was good reading, but things change quickly, which is why it is good news that the latest and greatest version of the Zero Trust vision, updated and maintained by John Kindervag, is available here.