Touhill is a retired brigadier general who, after a distinguished career in the Air Force, worked as the U.S. chief information security officer at the Executive Office of the White House.
He joined the discussion about Zero Trust, compliance, and reducing the attack surface of federal information technology. The interview began by describing an essential shift in federal information technology from perimeter defense to an identity-centric approach.
Touhill mentioned that the Internet was developed years ago in a competitive environment. Nobody knew which system was going to dominate. When TCP/IP was being tested, it was remarkable that it even worked. The concept of "connect, then authenticate" was a winner. Today, the superior strategy is to authenticate, then connect. This is an essential description of Zero Trust.
If this is the approved strategy for improving cybersecurity, then what are the tactics? “Complexity is the bane of security” is one of Touhill’s more famous quotes. Looking back on his considerable experience, he concluded that long checklists and organization charts can be a barrier to effective cybersecurity. One should look at some kind of automated system, or platform, that can control access.