“The central question is, can any organization implement a full zero trust stack, buy hardware and software from various vendors and put it together, or will we all have to move to cloud service providers (CSPs) to get zero trust security?
“Old arguments that cloud profit margins will eventually make on-premises IT infrastructure seem like the cheaper alternative failed to anticipate an era when security became so difficult that only cloud service providers could get it right.” Cloud service providers have one key advantage when it comes to security, Newman notes: They control, write and build much of their software and hardware stacks.
Newman concludes: “I am somewhat surprised that cloud service providers don’t tout their security advantages more than they do, and I am equally surprised that the commercial off-the-shelf vendors do not band together faster than they have been to work on zero trust. But what surprises me the most is the lack of pressure on everyone to move to zero trust and get a leg or two up on the current attack techniques and make the attack plane much smaller than it is.”
Read more of this story at Slashdot.