This new article is spot on in the analysis of why Zero Trust has gone too far and needs to be stopped.
Digital trust and human trust are two separate things. Zero trust only applies to digital systems. People are not necessarily untrustworthy, but at the same time they are not packets. Zero trust only applies to the zeros and ones that traverse our various digital systems.
I would go even further and say Zero Trust also needs to apply in limited fashion to zeros and ones because they are being used for “intelligent” systems now that approximate human behavior. Trust me, you don’t want to live in a world of all Zero Trust machines.
Zero trust was a fair thought exercise to challenge overly trusted perimeter thinking (e.g. Maginot’s reaction after WWI that led to his “build a wall” campaign).
However, it has succumbed to the hyper-political extremist notion of rugged individualism. These people talking about Zero Trust being in all aspects of life sound like a kind of Ayn Rand parrot — being unrealistic, selfish and cruel while squawking out “zero trust” at every interaction.
Reality is that we gain efficiencies from building containment and perimeters. It’s the very definition of depth, which has great value, and has been proven viable for many thousands of years. security is nothing if it can’t achieve efficiency, although vendors obviously make less money the more efficient the controls become.
It’s a lot like saying the bazaar model of security is better than the castle. while true to a very large extent (pun not intended) because the castle wall is so slow and expensive to build, nobody at the bazaar really wants to go to sleep in the middle of one.