There are plenty of creative ways to illustrate zero-trust security. Joseph Potchanant, the director of the cybersecurity and privacy program at EDUCAUSE, constructs a house.
“Zero trust would be like building your home completely out of concrete, with no doors, no windows, no access at all at first,” he says. “Then, after you’ve completed the building, make those cutouts for what your door’s going to be, what your ventilation’s going to be, what your windows are going to be.
“The overall building is going to be much more secure that way, because you intentionally built it with the idea that the rest of the building is impenetrable.”
Impenetrable networks are the dream of all IT security professionals — but, as they will surely tell you, it’s a fantasy that will never completely come true.
The sentiment is the same for zero trust. The philosophy is just that: a philosophy that no user or device is trusted without verification. It’s an aspirational goal and a way of thinking about security that can inform higher education institutions’ decisions on how to protect student, faculty and institutional information from cyberattackers who are eager to get their hands on it.
Click the banner below to find out how identity and access management paves the way to zero trust.