Re-blog: Zero-Trust – IT’s an Architectural State of Mind

What Is Zero Trust?

The term ‘Zero Trust’ was first coined by John Kindervag in 2010, building off a concept put forward by David Lacey at the Jericho Forum, an international group founded in 2004 that worked to promote deperimeterization.

Deperimeterization means to “protect an organisation’s systems and data on multiple levels, by using a mixture of encryption, secure computer protocols, secure computer systems and data-level authentication” (Wikipedia). Our Managing Security Consultant, Colin Robbins, has been discussing deperimeterization for over 5 years.

Over the past few years, the world has seen a period of digital transformation. The increasingly popular use of Cloud-based solutions and remote working are eroding traditional security boundaries. Network architecture is changing, as static work environments are being phased out in favour of letting employees work from any location at any time.

In this new world, the role of local networks and Intranet changes, it no longer poses a significant security boundary, as business data is now outside of that network on cloud services. Thus, the priorities of the local network have shifted to providing access, not security. The need for security has not been diminished and a replacement solution must be found – this is where Zero Trust fits in – it helps provide confidence that your users and devices are appropriately trusted to be able to access your (on premise and cloud-based) services.

Zero Trust Architecture – NCSC

Zero Trust is a term being (mis)used by some product vendors, to push their unique angle on it. To cut through this, the NCSC, along with techUK, are working toward a non-partisan view of the base principles.

As part of this, the NCSC has developed a series of principles that will help people understand and migrate to a zero trust architecture. These principles are still in development and they have recently reduced the 10 alpha principles down to 8 beta principles.

More…

Continue reading Zero-Trust – IT’s an Architectural State of Mind →

Covid-19 Clearout: Business Cards

The continuing Covid-19 house clearout led to me finding a pile of business cards…

	The first card, from 1990. An X.400 email address, did anyone every think that would really catch on? Looks like we ran our own PRMD, unusual for a small business. I wonder why our current meeting room is called the Enterprise?
	Steve joined the company and we started to bring a bit more colour into the re-designed logo. Interestingly (for me anyway) is the ‘A= ‘ (yes that is a single space character after the = sign, if you didn’t put the space it would not work.)
	Whoops, time to change the name from X-Tel to Nexor (another company with a very similar name and logo noticed us, and the lawyers had a friendly chat!)… but we kept the same “look and feel” Who were Mark400?
	Growing up in the World – a change of address as we moved off the university campus. As well as turning sideways, looked like we changed X.400 ADMD service providers. No Web address?
	By the time we moved to Rutherford house, looks like we had removed the graphics from the logo, and straightened the italics. Looks like X.400 died, as did Nexor.co.uk, and we became a .com.
	In a word, ‘the pink era’…
	Gosh, the scanner really can’t cope with the grey header. LinkedIn made an appearance
	Initially available as black on white, but quickly changed. Twitter makes an appearance. If you have a black on white one it has rarity value – please send me an image!
	Bringing it right up to date. Seem’s someone didn’t like the icons. Twitter has taken a backseat too.

How many of these do you have in your collection?

Li-Fi Security

Li-Fi has been widely talked about, largely due to its capability to deliver a high data rate wireless connectivity.

Li-FI has some very interesting security characteristics too.

Continue reading “Li-Fi Security” →

S/MIME Re-trial

In the blog S/MIME on Trial in 2013, I outlined some challenges using S/MIME to send secure email.

I also posed the question, was I confident the issues would be solved in a 3-5 year timeframe?

Well, here we are 3 years later, let’s take a look. Continue reading “S/MIME Re-trial” →

What can you learn from a Padlock?

In the address bar of THIS blog, you should see a little padlock… Continue reading “What can you learn from a Padlock?” →

Is that Web Site Secure?

To see if a web site is secure, we have been trained to look for the padlock in the browser. Sadly, not all padlocks are the same… Continue reading “Is that Web Site Secure?” →

Is your browser in the Goldilocks zone?

If your web browser is too old, you will not be able to access sites using strong security.
If your web browser is too new, it will prevent you accessing sites with weaker security.

So most corporates will need to make sure their browsers are just right – the Goldilocks zone – not too weak, but not too secure. Continue reading “Is your browser in the Goldilocks zone?” →

Considerations when Managing IoT Device Keys

As we rapidly advance to the new world of the Internet of Things, security is slowly but surely starting to be talked about. Managing keys is an important part of this discussion.

Continue reading “Considerations when Managing IoT Device Keys” →

Q: When will the IoT be secure? A: Never.

That may seem a bit bizarre coming from someone working for a company that specialises in making the IoT secure. Let me justify the comment. Continue reading “Q: When will the IoT be secure? A: Never.” →

Cyber Essentials at UK MOD: the beginning of a critical mass?

The UK’s Cyber Essentials Scheme took a major step forward at the beginning of this year when the UK Ministry of Defence (MOD) mandated that its suppliers need to have obtained a Cyber Essentials certificate before they are able to undertake certain contracts.

This news has been coming for quite a while but judging by some reaction to this mandating of Cyber Essentials, it appears to have caught some by surprise. Continue reading “Cyber Essentials at UK MOD: the beginning of a critical mass?” →