Technology: You Shouldn’t Trust Anyone

It’s getting to be that you can hardly trust anyone anymore. That doesn’t sound like a lot of fun if you’re trying to make some new friends. However, it might just be an effective strategy for your organization when it comes to Information Technology (IT) and cybersecurity.

Adam Rosenzweig, program manager, nonprofit success, at Okta For Good, described the “Zero Trust” approach during a session on IT security best practices (#19ntcITsecurity) at the annual Nonprofit Technology Conference (#19NTC), held earlier this year at the Oregon Convention Center in Portland, Ore.

Organizations used to protect themselves by creating a perimeter around their network. Everyone inside the network was a trusted entity while everyone outside the network was not. The problem was that if a hacker managed to breach the network they then had access to everything — all the way up to your most sensitive data, Rosenzweig said.

With cloud computing becoming more prevalent in the past few years, sensitive data now has moved outside of that perimeter as mobile and cloud computing have essentially dissolved the perimeter. The result is that you can no longer automatically trust anyone. Today, a perimeter is needed around everyone who has access to data in an organization. That way, people earn trust through context.

    In a “Zero Trust” world, the mantra is “Never trust, always verify.” Rosenzweig reviewed the key concepts of Zero Trust:

  • Secure access: All resources are accessed in a secure manner, regardless of location;
  • Control access: Each person is granted access on a need-to-know basis; and,
  • Inspect and log traffic: Security and IT teams inspect and log all traffic to verify users are doing the right thing at the right times.

Okta for Good is a corporate social impact initiative of Okta, a provider of identity and access management for nonprofits. Through TechSoup, eligible nonprofits can get 25 free licenses to the Okta Identity Cloud.