For many of us die-hard football fans, the NFL playoffs couldn’t have arrived soon enough. The games fill the airwaves on weekends and there is no shortage of talking heads, none of whom are shy about sharing their opinions and predictions about how each team will do.
They are all smart guys who have played the game and who make similar predictions about individual players in the NFL draft each year.
They are usually wrong, but we watch anyway.
Tom Brady, the most successful player in N.F.L. history, was the 199th pick in 2000. Most top quarterbacks today — including Mahomes, Allen, Rodgers, Herbert, Prescott and Wilson — were drafted well behind quarterback prospects who haven’t lived up to their hype.
Predicting performance is unavoidably hard, even in the country’s most popular form of mass entertainment, where executives devote lavish resources to research.
The mistake that NFL executives make is hubris. It is the same mistake our own executives make when describing their cybersecurity defenses.
George Finney’s great new book, “Project Zero Trust,” with a foreword by John Kindervag, is out now, and it’s an entertaining and useful read. George’s primary theme is that we are operating with a broken trust model wherein the untrusted side of the network is the internet and the trusted side is the stuff we control.
Almost all data breaches and negative cybersecurity events are an exploitation of that broken trust model. Zero Trust is about getting rid of trust when it comes to technology.
Zero Trust is more than just a marketing buzzword. It is a strategy. Zero Trust isn’t any one specific tool or technology that you can buy – you can use many different tools/technologies to achieve the objectives.
The reason that Zero Trust resonates with Presidents, CEOs and other leaders is that they recognize that having a strategy for winning in any discipline is critical to success.
Zero Trust is a strategy and its primary goal is to prevent and reduce breaches. Prevention is possible. In fact, it’s more cost-effective from a business perspective to prevent a breach than it is to attempt to recover from a breach, pay a ransom and deal with the costs of downtime or lost customers.
George’s fictional company already had in place backups, a risk register, an inventory and a business continuity plan (BCP), so they were able to recover rather than pay the ransom. They also had cyber risk insurance and contracts already in place with a cybersecurity breach response service, which assisted them with the recovery and negotiations.
But they still drafted the wrong quarterback.
Based on our in-depth experience with Zero Trust and our history of collaboration with folks like John Kindervag, Dr. Cunningham, G Finney, Richard Bird and other industry leaders who have been in the Zero Trust business from the beginning, we are uniquely positioned to help vendors build an authentic Zero Trust story for their brand, product or service.
For anyone thinking that Zero Trust is just some fad that will go away with the next appearance of the latest and coolest technology that will prevent all breaches, clean your house and whip up breakfast at the same time, it ain’t going to happen.
Zero Trust is not a cool technology. It isn’t a fad or a reference architecture for networks. It is a strategy and a way of being. Like sobriety, Zero Trust is a conscious cybersecurity lifestyle choice: smart folks decided it is better for their overall well-being to remove excessive trust from their networks, isolate critical assets and construct protect surfaces around them, locate policy close to the asset, insist upon a rigorous authentication process and monitor all activity across the network.
But, from a marketing point of view, claiming that your product is Zero Trust or that it will take you where you want to go will be seen as fraudulent by the very CISO community you are trying to reach. Do not do it.
You may have one of the components of a ZT architecture, like micro-segmentation. It needs to be sold on its merit alone and only tied into the ZT journey as an afterthought. But that doesn’t mean we can’t create a compelling brand story for your version of micro-segmentation. After all, whom would you choose to create that campaign? Someone with creative chops who knows nothing about cybersecurity and less about Zero Trust?
Or, the folks who are already inside the story? I know what I would do.