Zero Trust or Zero Knowledge

What's the difference and why does it matter?

· remote work,hybrid work,zkp,zero trust,privid

With work from home / remote work or some hybrid version being the new way to work there are factors that need to be examined. One of them is the Zero Trust model, and the other is Zero Knowledge Proof (ZKP). They are not mutually exclusive, but let’s have a quick look at how they work.

IT security works like this: there is a moat, there is a wall, they are protecting the data at the centre of the castle. Hackers etc. will find ways to get over the moat or over the wall. Security will either make the moat bigger, or the wall higher, or both. This keeps going, all the while the system keeps looking for more breaches. This is known as the Perimeter-based Network Security Strategy. This was not a bad strategy when there wasn’t such a proliferation of devices that everyone uses: laptop, mobile platforms (cell, tablet etc), desktop, just for one person… now factor that across an organisation. And it becomes problematic. One of the ways to handle it, in a centralised server world, is to trust no one, and every device is dangerous to the central server. This does not stop it from being an extremely cumbersome solution, but, it is a solution.

Trust No One

The selling point for Zero Trust is that it's easier when done right. Therefore, inherently more secure.  But, it is not easy to set up, see the above paragraph on the what and why.

Basically it assumes everything that is unknown is dangerous, and to fix it, everything has to be catalogued. Yes, this can include data (for data it looks more like classification), and will require authentication and restrictions. Not entirely unreasonable. But, there are issues.

Networks become siloed to prevent any level of ‘bleed over’ if there is a breach. Again, this presents its own level of issues. Anytime information needs to be transmitted in a siloed system, it takes time. 

Things like IAM (Identity Authentication Management), entitlements, are all part of this process. It doesn’t happen overnight. It takes time, much like any security change. Even in our model it takes time, but there is a difference between our approach and theirs. We get you thinking about how your system would look if no one knew anything, and they couldn’t access it… hear me out, it’s not as radical an idea as you may think.

If Zero Trust is “Trust no one,” Zero Knowledge Protocol (ZKP) is, “Trust is earned by both sides.”

Zero-knowledge is a security model that uses a unique encryption and data segregation framework that can support zero trust by protecting against remote data breaches. IT service providers that use a ZKP framework are prevented from having any knowledge as to what is stored on their servers, or on users various devices.

In PrivID’s case, we have “zero-knowledge” of master passwords, and we have no access to customers’ encryption keys to decrypt their data. In other words, do not lose your ‘passwords’ or ‘encryption keys’!

PrivID’s zero-knowledge password management and security platform provides organizations the total visibility and control over password practices that they need to successfully implement a “zero anything” security model. Passwords can be monitored and controlled across the entire organization, both remotely and on-premises. 

PrivID also has the following benefits:

  • Full compliance with GDPR, PIPEDA and other legislations, along with reporting.
  • Ease of use for both IT admins and end users.
  • Can integrate with SSO.
  • Secure storage for sensitive files, documents, photos, and videos on unlimited devices.
  • Private vaults for each employee, this could include shared folders, subfolders, and passwords for teams.
  • Whether your organization is an emerging business or a multinational enterprise, we can scale

Password security is one of the foundations of cybersecurity, and it’s also the foundation of a “zero anything” architecture, it is also decentralised in our case, especially in a remote work world. It’s impossible to successfully implement a zero-anything architecture without securing user passwords.

 

All Posts
×

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!

OK