The Zero Trust
You want to minimize the number of things that you trust, including yourself. We have to select software, operating systems, encryption, storage, Internet service providers, password managers, downloads, and even the people that we need to trust to protect our assets. Evaluate instead of trusting: everything will present a level of risk, some acceptable, some not. This should be applied to everything we go through in the course: trust nothing, trust no one, evaluate and mitigate.
Say you want to store files online, or sync your files online. Dropbox is a popular choice and many people use it. You should not trust that they will not get hacked. You should not trust that they won't view your files. You should not trust that they will not lose or change your files. So you have to make a risk-based choice: ask yourself how important it is that the files remain private, remain unchanged, and are always available.
Depending on the answer, you might keep a copy in a separate location and encrypt the files, or use a service that encrypts the files client side with a decryption key that only you have. This way you have distributed the trust to the alternative backup and to yourself, via encryption. Krypton and Encryptor are examples of what are called zero knowledge systems. Zero knowledge is when the provider literally has zero knowledge about what it is that they are hosting. So a zero knowledge system goes some way towards providing a system that you don't necessarily need to trust. You would still have to trust them to keep your files available and to not change them. If your files are extremely sensitive, I still wouldn't trust a claim of a zero knowledge system, because they could always change something: they could recode the application, as they have control of it.
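As an added example (not part of the lecture, and not the code of any product it names), the Go program below models the client-side encryption just described: the client encrypts a file with AES-256-GCM before upload, a simulated provider (a constructed in-memory stand-in for a sync service) stores only ciphertext and never receives the key, and the same program shows what zero knowledge does not cover: a provider that alters the stored blob is detected on decryption, but a provider that loses or deletes the blob still costs you the file. The type and function names (Provider, Seal, Open) and the sample file content are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Provider is a constructed stand-in for a sync service such as Dropbox: it stores
// whatever bytes the client uploads, indexed by file name, and never receives the key.
type Provider struct{ store map[string][]byte }

func NewProvider() *Provider { return &Provider{store: map[string][]byte{}} }

// Upload stores an opaque blob under name; the provider sees ciphertext only.
func (p *Provider) Upload(name string, blob []byte) { p.store[name] = append([]byte(nil), blob...) }

// Download returns the stored blob, or an error if the provider no longer has it.
func (p *Provider) Download(name string) ([]byte, error) {
	blob, ok := p.store[name]
	if !ok {
		return nil, errors.New("provider: file not available")
	}
	return append([]byte(nil), blob...), nil
}

// Tamper models the provider (or whoever controls it) silently altering a stored file.
func (p *Provider) Tamper(name string) {
	if blob := p.store[name]; len(blob) > 0 {
		blob[len(blob)-1] ^= 0x01
	}
}

// Delete models the provider losing the file; encryption cannot prevent that.
func (p *Provider) Delete(name string) { delete(p.store, name) }

// NewKey creates a 256-bit AES key that is generated and kept on the client only.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a file with AES-256-GCM before upload. The file name is bound as
// associated data so a blob cannot be swapped between names without detection.
// Output layout: nonce || ciphertext || authentication tag.
func Seal(key []byte, name string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// Open decrypts a downloaded blob; it fails if any byte was changed or the name differs.
func Open(key []byte, name string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(name))
}

func main() {
	key, _ := NewKey()
	p := NewProvider()
	plain := []byte("constructed sample: Q3 plan, do not share") // constructed file content
	blob, _ := Seal(key, "plan.txt", plain)
	p.Upload("plan.txt", blob)
	fmt.Println("provider can read plaintext:", bytes.Contains(blob, plain))
	got, _ := p.Download("plan.txt")
	out, err := Open(key, "plan.txt", got)
	fmt.Printf("client decrypts: %q err=%v\n", out, err)
	p.Tamper("plan.txt")
	got, _ = p.Download("plan.txt")
	_, err = Open(key, "plan.txt", got)
	fmt.Println("tampered file rejected:", err != nil)
	p.Delete("plan.txt")
	_, err = p.Download("plan.txt")
	fmt.Println("deleted file recoverable from provider:", err == nil)
}
```

The design point is the split of trust the lecture describes: confidentiality and integrity of the content now rest on a key the provider never holds, so a changed file is rejected rather than silently accepted, while availability still rests entirely on the provider, which is why the separate copy in the text remains necessary.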
You may choose to run an application in an isolated virtual machine to stop it being able to communicate out. Again, you may sandbox that application: instead of trusting it, you are evaluating or mitigating the risk. Or you might adopt a different application completely and go with a free and open source (FOSS) application that has had security auditing, as an alternative. This is the zero trust model. You will hear me mention the use of the zero trust model throughout the course: evaluate instead of trusting, and mitigate.