This is one of the important factors driving


Post by rakhirhif8963 »

2. Native security controls are difficult to manage in a hybrid world
There’s a lot of talk about the improved built-in cloud security controls that providers have built over the last decade. While many providers have done a good job of offering customers greater control over workloads, identities, and visibility, the quality of these tools varies. As Kindervag puts it, “Some are good, some are not.” The real problem with all of these solutions is that they’re difficult to manage in the real world, outside of a single provider’s isolated environment.

“It takes a lot of people to do that, and they’re different in each cloud. Almost every company I’ve talked to in the last five years is doing multi-cloud and hybrid, and both at the same time,” says Kindervag. “Hybrid means, ‘I’m using my on-premises resources and clouds, I’m using multiple clouds, and I can use multiple clouds to provide access to different microservices for a single application.’ The only way to solve that is to have security controls that can be managed across all clouds.”

This is one of the important factors driving discussions about moving zero trust to the cloud, he said.

“Zero trust works no matter where you host your data or assets,” says Kindervag. “It could be the cloud. It could be an on-premises network. It could be an endpoint.”

3. Identification won't save your cloud
With so much focus on identity management and so much focus on the identity component of Zero Trust, it is important for organizations to understand that identity is only one part of a balanced Zero Trust approach in the cloud.

“A lot of the zero trust narrative is about identity, identity, identity,” says Kindervag. “Identity is important, and we use it in zero trust. But it’s not the be-all and end-all. It doesn’t solve everything.”

What he means is that in a zero trust model, credentials don’t automatically grant users access to everything on a given cloud or network. Policy limits what and when certain resources are accessed. Kindervag is a longtime advocate of segmentation — networks, workloads, assets, data — and was one long before he began developing the zero trust model. As he explains, the essence of defining zero trust access through policy is to separate objects and place them under “protective surfaces,” since the level of risk for the different types of users accessing each protective surface will determine the policies that apply to each specific mandate.

“That’s my mission — to get people to focus on what they need to protect and put the important things under different protective surfaces, like your PCI credit card database should be under its own protective surface. Your HR database should be under its own protective surface. Your HMI for an IoT system or an OT system should be under its own protective surface,” Kindervag says. “When we break the problem down into these little pieces, we solve them one at a time and we do it sequentially. It makes the task much more scalable and doable.”