We are living in interesting times in the information security world. On one hand, we have the threat of a new generation of professional hackers, from single bad actors to nation state teams, which are better educated, funded, organized, and motivated. On the other hand, we are migrating our information infrastructure to the cloud, “somewhere over the rainbow way up high,” to quote Judy Garland in the film The Wizard of Oz.
In this new world, our old mindset of “trust but verify” is no longer sufficient as a security paradigm. A new paradigm that we need to set our mind to is, “never trust and always verify,” and this is the core foundational concept behind the Zero Trust Framework (ZTF). In other words, trust and verification happens in real-time between users and resources as and when required.