BSides London 2021

Saturday, November 13, 2021

Reflections on trusting Zero Trust (or why I have zero trust in Zero Trust)

This one was inspired by a conversation with a friend who red teams for a well-known consultancy… I have a vendor hat, I will remove said hat for this presentation. The purpose of this talk is to take a "neutral" look at Zero Trust in the wild and dissect what market analysts promise vs the realities of implementing it. This talk looks at:

 * Technical debt that often gets inherited along the way

 * Control gaps we lose as we dash headlong into the cloud and how we might replace them

 * New weaknesses that Zero Trust implementations bring by virtue of how “Zero Trust” software sometimes works

I'll go into the catalogue of vulnerabilities and weaknesses that I've been building surrounding Zero Trust technologies and make some observations about where we might do better.