Zero Trust Security With A Hardware Root Of Trust
Red Hat News, Wednesday, December 6,2023
Trust is something we encounter every day in many different contexts, whether it's with people, institutions or products. With trust comes vulnerability-an especially uncomfortable concept for those of us primarily concerned with security. No one wants their systems to be vulnerable, but if you really want to understand the security posture of your system, you need to understand what you are trusting and how it could expose you.
Zero trust is a term that's getting a lot of buzz, but it can be a bit of a misnomer. It's not so much zero trust, but zero implicit trust. Nothing should be trusted simply due to its location on the network or claims from the developer, which are certainly critical in today's heterogeneous and hybrid cloud computing environments. Instead, all interactions must be verified and all access to data must be authenticated and authorized, resulting in explicit trust. Interactions usually refer to services and users, but can also include how a system is initially designed.