To date, the zero-trust model has largely been thought of, and implemented as, a technology strategy — one that helps organizations strengthen their cybersecurity posture. This is understandable, as the concept of zero trust is centered around one key theme: never trust, always verify, which provides perimeters around data, applications and networks while allowing those perimeters to be dynamic and fluid based on risk with an identity- and data-centric approach. However, when one considers the risks of intellectual property loss, reputation damage, theft, etc., that exist outside of the digital realm, zero trust is also a sound approach to protecting the integrity of the entire business.
The reason for this is that physical intruders, insiders, and third parties can lead to many of the same problems that you're trying to prevent in the cyber world: stolen documents, leaked sensitive data, etc. These same threat actors can also use physical tactics to compromise electronic assets — for example, walking around the office looking for Post-it notes with passwords. Consider these other examples:
A physical intruder gains unauthorized access to your building by posing as a delivery driver. (Let's face it — none of us bats an eye when a delivery person or a plant-waterer is walking around the office.)
A potential "acquirer" holds a meeting with the executive team to see product plans, only to go off and use these plans to build the product themselves.
Someone breaks into your office after hours to steal important company files.
An executive casually mentions a confidential acquisition to co-workers in the lunchroom without validating that those employ ..
Support the originator by clicking the read the rest link below.
