Zero trust is not a trust technology, but rather a fundamental change in philosophy. That’s the view of Sami Laine, Okta’s Director of Product Marketing.
Laine explained that zero trust involves organisations making contextual, controlled decisions based on the information they have available, instead of simply putting their trust in network defences.
Zero trust takes a more realistic and pragmatic approach: assuming every single network is probably compromised instead of placing trust in the network.
Laine said, “We are basically saying let’s evaluate every access and say, ‘does it look like it is you, on a device I understand, in a network I understand and in a context, I understand?’ Based on that, take appropriate action — either authenticate, allow or step up.”
Graham Sowden, General Manager APAC at Okta, said “The beauty of it is, if you do it properly it’s done in the background. So, as a user, your experience is great because you’re not hampered by it at all.”
According to Sowden, you can lock down your security system so it’s absolutely tight, but also impossible to use.
“With zero trust you get the opportunity to have the flexibility to access whatever systems you need.”
Zero trust not only improves security, it vastly improves the end-user experience, Laine explained.
“You don’t have to boil the ocean. You can start the zero-trust journey by taking inventory of your existing security tools.
“Ask yourself ‘does it help me’ in three foundational ways. Does it give me a better context of the access? Can I act on that context? And is the design of what I have here perimeterless?”