Posted on Apr 29, 2023
Zero trust could have limited Pentagon leak, Navy CTO says
Posted 1 y ago
Responses: 2
PO1 William "Chip" Nagel
Maj Kim Patterson Unfortunately, Most Lessons are Only Learned the Hard Way!
PO1 William "Chip" Nagel
...“The whole point of zero trust is to never trust. Always verify and assume breach,” Yeske said. “You begin from the point of assuming your network has been compromised, and if it hasn’t been compromised, that compromise is inevitable. Insider threats light up like a Christmas tree when that is your approach.”
The Pentagon released its zero-trust strategy last November, laying out a plan to implement the basic elements of the “trust no one” approach by 2027. The model requires that users and their devices be constantly evaluated.
“Part of what you do in a zero-trust approach is, every time a particular asset is accessed, you evaluate that access according to a set of policies,” Yeske said, noting that he doesn’t have knowledge of the investigation beyond what’s been reported publicly. “That policy-driven evaluation would have identified, I believe, a pattern of activity here where someone who’s a network administrator, someone who is an IT professional accessing this kind of information . . . would have been questioned.”...