20: On the Horizon: Zero Trust avoids the traditional “security versus convenience” tradeoffs

Dec 7, 2021

Everyone reading this has probably heard that old rule of thumb that security and convenience are inversely proportional. In other words, increasing security comes with the cost of less convenience, while making things easier to use also means less security. This isn’t just in the context of computing, by the way. An unlocked door is easier to use (more convenient) than one that is locked (more secure). A door that you can unlock with a key is easier to use (but less secure) than a door that requires both a key and a keypad code, etc.

In the context of end-user computing, we all see this trade-off daily. Longer passwords are seen as more secure than shorter ones, but they’re also harder to remember and type. Six-digit phone PINs are more secure but less convenient than four-digit ones. Multifactor authentication leveraging both a password and one-time code is more secure than just a password but annoying every time we have to switch over to the authenticator app to get that code. Requiring a PIN to unlock the authenticator app is more secure than not, but with the expense of additional steps and user annoyance.

There’s never really been any kind of standard for how this should all work and what should be used where. Different companies, policies, regulations, governance, organizational cultures, and sales rep effectiveness drive most of it, and things are different everywhere. What’s been historically consistent is that more security has correlated to more hassle for the users.

Finding the balance between security and convenience has always been about tradeoffs. I’ve always thought of the “security versus convenience” model as a sliding scale, like the one below. You can draw a vertical line anywhere you want in the diagram below to get a certain level of security for a certain level of convenience, and increasing one decreases the other, and vice versa.

Host: Andy Whiteside
Co-host: Erik Collett

WEBVTT

1
00:00:02.730 –> 00:00:09.450
Andy Whiteside: hi everyone and welcome to episode 20 of on the horizon i’m your host Andy whiteside i’ve got Eric Colette with me Eric any snow on the ground, yet.

2
00:00:09.929 –> 00:00:16.049
Erik Collett: No, there isn’t, although we have a lot of machines trying to make as much as possible for you.

3
00:00:16.619 –> 00:00:17.010
heard.

4
00:00:18.270 –> 00:00:21.540
Andy Whiteside: I heard the other day you guys really drive it’s cold right, but just.

5
00:00:22.170 –> 00:00:27.630
Erik Collett: it’s cold it’s dry we had some storms come through we saw snow stick and then it all melted.

6
00:00:29.070 –> 00:00:31.770
Erik Collett: it’s just one of those those types of years I guess.

7
00:00:32.520 –> 00:00:32.820
well.

8
00:00:34.080 –> 00:00:43.680
Erik Collett: yeah well we’ll get more later, but usually after or in the middle of December or at the end of December it hits us hard then it’s worthwhile so in.

9
00:00:43.980 –> 00:00:49.440
Andy Whiteside: A sense to you that don’t know Eric lives in utah and what would you call that central utah northern utah we’re.

10
00:00:49.590 –> 00:00:51.480
Erik Collett: Bad northern utah northern.

11
00:00:52.110 –> 00:00:55.950
Andy Whiteside: The high the high desert but enough cold where it makes them really fluffy snow.

12
00:00:56.340 –> 00:00:57.090
Andy Whiteside: And the most.

13
00:00:58.380 –> 00:01:00.210
Andy Whiteside: yeah what’s the closest town to you.

14
00:01:00.780 –> 00:01:04.350
Erik Collett: I am in ogden so i’m about 30 minutes north of salt lake.

15
00:01:04.770 –> 00:01:19.410
Erik Collett: Okay we’re in the only populated spot we’re stuck between mountains and a lake so it’s just this channel of people right now, and more and more show up in fact I even picked up this this this hat recently.

16
00:01:23.340 –> 00:01:27.390
Erik Collett: As because we’re super passive passive aggressive about people moving to utah.

17
00:01:28.200 –> 00:01:29.610
Andy Whiteside: So those of you listening.

18
00:01:29.910 –> 00:01:32.370
Andy Whiteside: Eric said says utah sucks don’t move here.

19
00:01:33.420 –> 00:01:37.230
Andy Whiteside: I do plan to live there part time someday Eric I don’t know.

20
00:01:37.950 –> 00:01:39.420
Erik Collett: Well we’ll make a space where you.

21
00:01:40.560 –> 00:01:44.280
Erik Collett: will make your life may get in the way i’m ever may not ever make it.

22
00:01:44.340 –> 00:01:52.890
Andy Whiteside: But definitely have some interest in at least spending some time out there is a beautiful place and good economy good good business we’ll see if it works oh.

23
00:01:53.310 –> 00:01:55.980
Erik Collett: yeah yeah happy to have you happy to have you.

24
00:01:57.720 –> 00:01:59.040
Andy Whiteside: He rolls his eyes, as he says.

25
00:02:00.060 –> 00:02:00.930
Erik Collett: nope no.

26
00:02:02.640 –> 00:02:10.200
Andy Whiteside: Alright, so Eric was gracious enough to pick an article for us this week, let me share my screen for those who will be watching at a later date.

27
00:02:11.670 –> 00:02:15.540
Andy Whiteside: And it’s the title of it and it’s written by Brian madden I lost it.

28
00:02:17.190 –> 00:02:20.730
Andy Whiteside: is called a zero trust avoids traditional security.

29
00:02:21.870 –> 00:02:32.940
Andy Whiteside: versus convenience trade offs and you know I did a DEMO this morning or yeah I did a DEMO this morning it was all about vdi we were showing vdi and this infrastructure that have come up with the put it on and.

30
00:02:33.450 –> 00:02:41.220
Andy Whiteside: At some point, I made a reference to some of my people my team they don’t even go to the vdi anymore, they go straight to.

31
00:02:41.820 –> 00:02:47.760
Andy Whiteside: The workspace with single sign on into all their applications and they just skip the vdi all together.

32
00:02:48.330 –> 00:02:53.940
Andy Whiteside: You know that’s part of your story right, you can you can have this very untrusted world come into a very trusted world.

33
00:02:54.570 –> 00:03:06.870
Andy Whiteside: And it becomes easy and they don’t have to you know, like this article talks about the trade offs of having to be secure and convenient it’s just kind of blends together now right.

34
00:03:07.260 –> 00:03:19.980
Erik Collett: yeah Oh, a lot of the things where we always had multiple ways to try and and figure out somebody’s identity and every time we set up one space for verifying identity.

35
00:03:20.670 –> 00:03:38.730
Erik Collett: It almost seemed like we had that pulled out from underneath us the passwords in particular passwords has always been our way of verifying identity, but we have to have a way of conveniently allowing somebody to refresh that password so there’s.

36
00:03:40.110 –> 00:03:45.510
Erik Collett: it’s it’s not a simple process security is tough it’s always been really hard now.

37
00:03:46.560 –> 00:03:46.950
Erik Collett: yeah.

38
00:03:47.970 –> 00:03:54.720
Andy Whiteside: Well, now we have single identity, we have, maybe a very simple password that comes with a multifactor challenge.

39
00:03:55.200 –> 00:04:06.330
Andy Whiteside: So you don’t get to be who you are everywhere and all you have to do is look down at your phone and hit OK, and now you’ve proven, you know a little bit of a password and you know you have a device, you have something that’s.

40
00:04:06.780 –> 00:04:07.590
Andy Whiteside: Still times.

41
00:04:07.920 –> 00:04:21.780
Erik Collett: yeah trusted device, and I mean a lot this article is beautiful because it elaborates on on these multiple different ways of authenticating, of course, you have the Multi factor authentication where it’s like well if they have access to their email.

42
00:04:22.500 –> 00:04:36.240
Erik Collett: Their trusted by their email provider if they have access to their phone their trusted by their phone which they’ve had to do certain things to make sure that that phone is trusted so we have unique devices and unique.

43
00:04:37.590 –> 00:04:51.780
Erik Collett: yeah unique devices web browsers that we can leverage to verify a person’s identity, but we even have devices that have specialized abilities like biometrics a physical asset to yourself.

44
00:04:52.680 –> 00:05:05.280
Erik Collett: or face ID which allows you to to take a picture of your face and and verify your identity via that and so all these different methods that we can now use to leverage to verify identity.

45
00:05:05.820 –> 00:05:15.420
Andy Whiteside: What are you an example of that a couple hours ago i’m pulled over at a convenience store trying to buy something for lunch and yeah that’s pretty sad but that’s what it was.

46
00:05:16.560 –> 00:05:22.290
Andy Whiteside: And I go to get some tickets for ticketmaster for a hockey game that we’re hosting tomorrow night down in Florida.

47
00:05:22.740 –> 00:05:29.460
Andy Whiteside: And it pops up to ticketmaster and it’s like oh my username password oh I can’t type this in and then it starts looking for my face.

48
00:05:29.760 –> 00:05:36.690
Andy Whiteside: And with a matter of seconds, it was secure because I knew who I was, but it was also convenient for me I didn’t have to type A single letter.

49
00:05:37.230 –> 00:05:50.100
Andy Whiteside: I know that’s become more and more normal and like consumer world but it’s becoming mainstream and in our in our work world to and it gets better but secure all at the same time yeah.

50
00:05:50.520 –> 00:06:00.720
Erik Collett: And it’s that’s the weird part that ability to maintain convenience is still maximized if you scroll down a little bit he’s got another chart that shows.

51
00:06:01.020 –> 00:06:10.350
Erik Collett: Basically we’re looking at us a rectangle and you’re drawing that diagonal line corner to corner through there and security has always been a.

52
00:06:10.980 –> 00:06:16.890
Erik Collett: Maximum at one side, where you have all of these different protection methods, but then convenience.

53
00:06:17.520 –> 00:06:23.070
Erik Collett: means you were insecure you you’ve never had felt like you always have that buttoned up.

54
00:06:23.550 –> 00:06:36.930
Erik Collett: But just a little bit down down a little bit further on this article you just see convenience just layering on top of it as maximum ability, all the way through, and you can actually have maximum security in maximum convenience.

55
00:06:36.930 –> 00:06:37.980
Erik Collett: Because of those.

56
00:06:38.040 –> 00:06:47.010
Andy Whiteside: Hello How is that possible, how do we have just a secure and just as convenient just stack on top of each other what what’s what’s driving that.

57
00:06:47.760 –> 00:06:51.930
Erik Collett: So I would say that there’s a little dip and convenience upfront just the dip.

58
00:06:52.770 –> 00:07:06.840
Erik Collett: That I because there are things that you have to establish first as soon as you as you’ve established your identity as a person as an entity and you have verified your physical assets you’ve verified your virtual assets.

59
00:07:07.440 –> 00:07:19.770
Erik Collett: And all of these different methods that kind of connect together, I think that is the beginning of an example that he doesn’t use here, but what i’ve always considered that, as the chain of custody.

60
00:07:20.190 –> 00:07:22.050
Erik Collett: You have a trusted provider that.

61
00:07:22.230 –> 00:07:35.820
Erik Collett: verifies who you are that starts the chain of custody that’s the first link in the chain is your identity to your your physical person and then as soon as you get to that point, you can then verify multiple.

62
00:07:37.350 –> 00:07:52.560
Erik Collett: I guess you could say multiple links in that chain to verify who you are all the way to your access to the product or access to the the application or access to the information that you’re looking for.

63
00:07:53.610 –> 00:08:06.090
Erik Collett: But it’s as soon as all those changes have been established, your location this two factor authentication your gmail your device your physical identity biometrics and face ID and so forth.

64
00:08:06.360 –> 00:08:13.410
Erik Collett: Soon, as though as those have been established, you can use any one of those in a rotating fashion to get complete access.

65
00:08:14.400 –> 00:08:22.170
Andy Whiteside: What I agree with you on that i’m sitting here, looking at a I don’t know a year and a half old phone it used to be, that I would get a new mobile phone every year.

66
00:08:23.010 –> 00:08:31.860
Andy Whiteside: And somebody looked at me today, so why don’t you just get a new phone i’m like I don’t want to have to go through all the inconvenience of getting it set up for my authenticators again and.

67
00:08:32.100 –> 00:08:41.160
Andy Whiteside: yeah i’ve got probably three or four on my phone, so I agree it’s not necessarily a perfect trans transition to having both but, once you get over the hump.

68
00:08:41.760 –> 00:08:49.950
Erik Collett: yeah I mean so that little dip I would just chop off the first little point of convenience, on this particular.

69
00:08:50.220 –> 00:09:00.600
Erik Collett: piece where it’s not exactly the most convenient at the very, very beginning, but as soon as you establish that as soon as you put that in place and configure it like you’re saying so many authenticators.

70
00:09:01.620 –> 00:09:05.400
Erik Collett: Then it becomes super convenient and everything’s at your fingertips.

71
00:09:06.480 –> 00:09:14.460
Andy Whiteside: And, and you know you go through that little blip just with the idea that you’re trying to have the convenience, but you still have to have some level of security.

72
00:09:15.390 –> 00:09:22.890
Andy Whiteside: Not some level, but a great level of security, these days, and it’s worth the you know the the week long your new phone you got a week of.

73
00:09:22.920 –> 00:09:26.880
Andy Whiteside: Oh, I didn’t put this on a little download and then by download I mean hit the button that says.

74
00:09:27.060 –> 00:09:31.500
Andy Whiteside: download and if you’re on a decent network within a second or.

75
00:09:31.710 –> 00:09:38.250
Andy Whiteside: 10 maybe 2030 you got the APP back you got authenticate old school one time now you’re back in business.

76
00:09:38.730 –> 00:09:47.490
Erik Collett: yeah it following this line this this this mode of thought for anybody who’s out there who wants to test this out because.

77
00:09:48.000 –> 00:09:59.250
Erik Collett: it’s so convenient right now it’s transparent to us whenever whenever we log into certain applications, it seems transparent to us first off get a new phone and then log out of all of your accounts.

78
00:10:00.630 –> 00:10:10.860
Erik Collett: log out of your email account log out of your web, you know, whatever if it’s sinking or whatever else log out of those and see how it feels to get back in.

79
00:10:11.550 –> 00:10:18.600
Erik Collett: And, and all of the different passwords and all the different verifications that you have to go through in order to get back into your stuff all of that.

80
00:10:19.110 –> 00:10:29.520
Erik Collett: Has has meshed together very well we’re adopting that technology within our workspace one platform, but it’s it’s something that’s now commonly out there with a lot of single sign on solutions.

81
00:10:29.880 –> 00:10:41.610
Erik Collett: So just know that we’re we’re part of the same mesh of trusted identities, but yeah it’s it’s challenging to get back to level yeah.

82
00:10:42.990 –> 00:10:48.690
Andy Whiteside: I like that you brought up identity, because it didn’t he’s not a security, peace, but that is part of the convenient speech right being.

83
00:10:49.050 –> 00:10:58.020
Andy Whiteside: One person that you identify as and then secure against are you, you have security policies and procedures associated with that one identity.

84
00:10:58.470 –> 00:11:07.500
Andy Whiteside: that’s a big part of the convenience factor of this, I still have systems where I have multiple user ids all over the place, many, many systems, but personally and work.

85
00:11:08.010 –> 00:11:16.440
Andy Whiteside: But every day gets better and better where I can start to use, at least for work single identity providers I would do the same thing on my personal life I just.

86
00:11:16.890 –> 00:11:25.890
Andy Whiteside: don’t have an identity provider, I really want to be the source of truth, for me, therefore, I don’t use the various social media places or other things for.

87
00:11:26.700 –> 00:11:31.920
Erik Collett: personal identity providers is social media as as an identity provider makes me feel awkward.

88
00:11:32.130 –> 00:11:41.700
Erik Collett: guest stream Lee awkward so yeah I agree with that i’ve played the game, and then I you know, probably locked myself enroll dial that back because it just doesn’t feel right now.

89
00:11:42.420 –> 00:11:51.900
Andy Whiteside: that’s a question for you multifactor so i’ve got my password that’s one factor right something you know is is having my phone and responding to a prompt on my phone is that.

90
00:11:52.290 –> 00:11:53.880
Andy Whiteside: Two more factors, or one factor.

91
00:11:54.630 –> 00:11:58.620
Erik Collett: So it and he he elaborates a little bit on these these particular.

92
00:11:59.310 –> 00:12:16.260
Erik Collett: In this section as well this the idea of having a physical trait or a specific skill or your location, I mean GEO location is such a big big deal you tell you tell them where you’re at, and then you prove where you’re at with GPS.

93
00:12:17.970 –> 00:12:30.690
Erik Collett: But also things that you know so knowledge of something skills on something physical identity and geolocation and then you can have multiple iterations of Oh, and your password the password that you said.

94
00:12:31.530 –> 00:12:40.290
Erik Collett: that’s there’s your your five, but they can also split even further and i’m sure that we will see more in the future more ways to identify yourself.

95
00:12:40.680 –> 00:12:40.830
As.

96
00:12:42.450 –> 00:12:55.470
Andy Whiteside: Well, so talk to us about what vmware is doing with workspace one and how these things starting to play into the mix of SAS Apps hosted x86 Apps desktop virtualization and more.

97
00:12:55.770 –> 00:13:00.900
Erik Collett: Well, the beauty of the onboarding that goes with workspace one is that.

98
00:13:01.920 –> 00:13:10.260
Erik Collett: you’re a known quantity to begin with, you have somebody who very verifies you validates you and then that starts that first link in the chain.

99
00:13:11.130 –> 00:13:25.740
Erik Collett: You now have an identity within this organization and then you can you continue to set up different devices on workspace one as your different authentication methods and it creates those multiple chain links in the chain.

100
00:13:26.250 –> 00:13:29.100
Erik Collett: And as soon as all of the that chain gets established.

101
00:13:29.430 –> 00:13:41.910
Erik Collett: You have total access to all of your workspace one application SAS Apps for one your vdi will immediately recognize who you are because you have an identity that’s verified within your active directory.

102
00:13:42.390 –> 00:13:52.650
Erik Collett: there’s all these different methods that let you get in quickly and will use multiple identification methods, whether that’s going to be a multi factor authentication.

103
00:13:53.820 –> 00:14:00.360
Erik Collett: like an authentication tool like RSA or G author, one of these many that are out there.

104
00:14:01.590 –> 00:14:14.910
Erik Collett: But also just physical identity starts coming into play where you’ve got your biometrics aligned with it, so you can use all of them and geolocation a huge geolocation is huge for mobile.

105
00:14:15.690 –> 00:14:22.380
Andy Whiteside: Well, so now we’re talking a lot about identity and the multifactor way of proving you are who you are, at the same time we’ve got old.

106
00:14:23.070 –> 00:14:31.260
Andy Whiteside: i’ll call it clergy systems that people are still using whether authenticating into a vpn and then from there they’re going to a specific URL URL or.

107
00:14:31.620 –> 00:14:44.430
Andy Whiteside: or even worse than IP address and trying to then launch something else that requires them to identify again, you know it’s a it’s been painful for me the last year to see people continue to do it that way, no one that’s how I did it in 1998.

108
00:14:44.760 –> 00:14:57.240
Andy Whiteside: Palin and that’s inconvenient, as well as more insecure all at the same time and that’s one of the things that solutions like workspace one that brings things into a into a portal.

109
00:14:57.810 –> 00:15:08.640
Andy Whiteside: Of all different types really helps to solve the the simplicity, as well as the convenience i’m using those two words intentionally different, as well as the security.

110
00:15:10.410 –> 00:15:23.880
Erik Collett: it’s it’s interesting that you bring it up that way because people don’t know what they don’t know and they don’t they don’t see what our modern approach is and it’s not just our modern approach, where one I mean we’re.

111
00:15:24.390 –> 00:15:42.030
Erik Collett: we’re adopting this we’re implementing it heavily we’re making it really easy, but there are others who do the same and we just it’s it’s a universal effort, and as long as you, you step into it just step into this this world.

112
00:15:43.650 –> 00:15:50.340
Erik Collett: With workspace one We only need one password We only need one set of authentication as soon as we have your identity.

113
00:15:50.700 –> 00:15:59.160
Erik Collett: We can now connect you with all different SAS Apps all different applications and we can deliver those applications to you, we can track those applications.

114
00:15:59.580 –> 00:16:05.340
Erik Collett: We know what you’re aligned with what you’re not aligned with and in all of those aspects we.

115
00:16:05.970 –> 00:16:19.170
Erik Collett: We basically deliver convenience, so that you can do your job without having to go through a whole lot of effort, I mean, I have one password I really do for for my job, I have one password and just asking that question.

116
00:16:21.510 –> 00:16:22.560
Erik Collett: Do you have one password.

117
00:16:24.030 –> 00:16:33.540
Andy Whiteside: And I, for the most part, do, but not for everything, but for the most part, but question what are examples of different identity providers that you can use in a workspace one.

118
00:16:34.620 –> 00:16:35.370
Andy Whiteside: configuration.

119
00:16:36.120 –> 00:16:57.570
Erik Collett: We are primarily aligned with true ssl but we using okta is another type of solution that would layer on top with ours, I, there are a plethora that we can work with third party identity managers, we have our own, of course, that we can you can leverage that comes with our package.

120
00:16:58.950 –> 00:17:08.520
Erik Collett: Again, true ssl was is that but at any point in time, if you wanted to leverage a different identity provider that will mesh very cleanly and with us.

121
00:17:08.760 –> 00:17:09.120
Right.

122
00:17:10.350 –> 00:17:12.180
Andy Whiteside: Okay yeah um.

123
00:17:13.500 –> 00:17:17.850
Andy Whiteside: But we still see tons of people that that aren’t leveraging those right, I mean what would you say percentage of.

124
00:17:17.850 –> 00:17:19.050
Andy Whiteside: people that are still.

125
00:17:19.560 –> 00:17:21.000
Andy Whiteside: I mean, are they just.

126
00:17:21.060 –> 00:17:23.130
Andy Whiteside: authenticating against active directory What are they doing.

127
00:17:23.460 –> 00:17:32.190
Erik Collett: And it is primarily authenticating against the active directory and then everybody has their own personal accounts that are attached to different solution providers.

128
00:17:32.580 –> 00:17:50.730
Erik Collett: office 365 does have a an ssl layer of sorts, as long as you have an appropriate identity, but you still have to log into that with password So if you don’t have a single sign on layer you’re not going to get the full benefits of it just.

129
00:17:51.750 –> 00:18:03.030
Erik Collett: Anybody who’s who’s still kind of in the dark ages and has a million different passwords and and is is just ham fisted their way through each security measure and over.

130
00:18:04.260 –> 00:18:12.990
Erik Collett: Basically, oh they’re over authenticating if that’s even a thing, but over authenticating themselves to to get access to small or.

131
00:18:13.710 –> 00:18:23.910
Erik Collett: You know very confidential information for one is is you know needs to be secured, but we can secure it with a lot lower effort than what most organizations are actually doing now.

132
00:18:24.540 –> 00:18:25.680
Erik Collett: I don’t know the percentage.

133
00:18:25.920 –> 00:18:27.480
Erik Collett: I wish I could say.

134
00:18:29.400 –> 00:18:30.510
Erik Collett: More than there should be.

135
00:18:32.250 –> 00:18:33.570
Andy Whiteside: Okay, so Eric.

136
00:18:35.490 –> 00:18:39.180
Andy Whiteside: Where does this go from here what’s what’s the future of.

137
00:18:40.200 –> 00:18:50.190
Andy Whiteside: A did at the point where we could just look at the screen and all of a sudden, you know where are we there with face it, I mean how many PCs I guess there’s the well Hello camera right, I mean there’s.

138
00:18:50.880 –> 00:18:51.750
Andy Whiteside: More and more common.

139
00:18:52.410 –> 00:18:58.470
Erik Collett: I, the one thing about face it, is that they have a lot of other protective measures behind it now.

140
00:18:59.220 –> 00:19:06.210
Erik Collett: I will say, with every authentication method, you have to find a way or find the ways that it will be exploited.

141
00:19:06.810 –> 00:19:13.830
Erik Collett: So understanding how something gets exploited verifies the security of a particular authentication method.

142
00:19:14.310 –> 00:19:21.540
Erik Collett: As long as we can always bring up authentication methods that cannot be exploited, like in the case of face ID there’s a lot of.

143
00:19:21.990 –> 00:19:36.630
Erik Collett: Other layers that go into verify it’s a 3D person you’re looking at they have flesh and blood, maybe they do some ir to see what he signature there is that kind of thing, so you can’t just hold up a piece of paper and and get that.

144
00:19:38.040 –> 00:20:00.300
Erik Collett: On to unlock but as long as those different protective protective measures are in there, then you can trust the trust the the technology to initiate the process it’ll it’ll evolve it I guarantee I mean DNA tests to verify who you are that sounds really scary but possible in the future.

145
00:20:01.560 –> 00:20:05.160
Andy Whiteside: You know to what level of security, do you need that level.

146
00:20:05.370 –> 00:20:06.090
Andy Whiteside: For certain.

147
00:20:06.150 –> 00:20:17.130
Andy Whiteside: For what types of applications so probably not for getting in and reading your email, however, you know for maybe access in your financial information, maybe someday little more secure than we have today.

148
00:20:17.400 –> 00:20:29.550
Erik Collett: yeah but but that’s the whole point of zero trust is it doesn’t matter how secure or or or how what’s the varying levels of security on a particular thing that you’re accessing.

149
00:20:30.000 –> 00:20:42.330
Erik Collett: We throw all of the security at it we’re throwing everything at it up front, no DNA testing might be a little invasive for that kind of thing, but if you can verify it maximally what.

150
00:20:42.840 –> 00:20:56.670
Erik Collett: If that’s your gateway all the time to maximum authentication maximize it you, you should use it if it’s convenient and if its maximum it, you should use it, at least in principle.

151
00:20:57.270 –> 00:21:04.110
Andy Whiteside: Yes, it’s interesting I was on I was with a customer this morning that they have a horizon desktop virtualization environment but.

152
00:21:04.590 –> 00:21:20.100
Andy Whiteside: They don’t allow access from the outside, so they’re getting the benefits of cost effective internal computing the life of their devices is much longer than it would have been However, you know they’re not getting the benefits of remote working i’m not sure how they’re handling that.

153
00:21:21.420 –> 00:21:31.080
Andy Whiteside: But it was interesting to see someone who hadn’t taken it quite that far yet i’m not sure if that was for security reasons, or they just you know haven’t invested in providing it as a remote access solution.

154
00:21:31.980 –> 00:21:41.580
Erik Collett: It i’ve seen i’ve seen a few implementations like that I called it, the secure donut because there was the you have a jump box inside of the donut.

155
00:21:41.820 –> 00:21:51.990
Erik Collett: And then you have in its air gapped basically not exactly but it’s air gapped enough that you could reach it from an internal something within the secret Donna.

156
00:21:53.430 –> 00:22:03.120
Erik Collett: But again, what what is that protecting and you know it’s making a hacker proof, but you’re still connected to the network right so.

157
00:22:04.140 –> 00:22:05.400
Erik Collett: There there’s a challenge there.

158
00:22:06.210 –> 00:22:10.020
Andy Whiteside: Well Eric I know this is a topic you’re passionate anything that we haven’t covered here that you’d want to.

159
00:22:11.130 –> 00:22:11.670
Andy Whiteside: bring up.

160
00:22:12.420 –> 00:22:27.180
Erik Collett: Well, I I I just I want to watch this space as as what it’s going to look like going forward because again identity is changing the way we approach verifying identity is changing.

161
00:22:27.750 –> 00:22:41.100
Erik Collett: I think that what the lessons that we learned here are going to find their way into the greater population, and when I say greater population this this idea of what’s what is the world going to look like.

162
00:22:42.870 –> 00:22:47.160
Erik Collett: If we’re not just looking at physical ids like.

163
00:22:49.980 –> 00:23:03.720
Erik Collett: What am I trying to say licenses on driver’s licenses or social security cards or all these different ways that we were verifying identity right i’m interested to see how this methodology is going to push its way back into the general population.

164
00:23:04.020 –> 00:23:11.370
Erik Collett: Right and will we use phones as a digital ID that we can say here, look at look at this.

165
00:23:11.520 –> 00:23:15.300
Erik Collett: And right, you know, is this verifiable so.

166
00:23:16.320 –> 00:23:20.640
Erik Collett: I i’m curious how technology will influence our reality.

167
00:23:21.150 –> 00:23:35.640
Andy Whiteside: yeah yeah i’ve got to fly somewhere in the morning, I need to check, so you have ever got my tsa number updated I went last week I just don’t ever got through or not always something to do but yeah i’m looking forward to the time when I don’t have to like they know who I am based on.

168
00:23:35.700 –> 00:23:51.180
Andy Whiteside: yeah Maybe my visual recognition as well as some real time push that you know, two elements of me being me proved, who I am and I can just walk through security and through the scanner of some type and not have to not have to have that uncomfortable awkward inconvenient experience.

169
00:23:51.450 –> 00:23:54.780
Erik Collett: yeah yeah it’s really nice to have.

170
00:23:56.190 –> 00:23:56.880
Erik Collett: it’s really nice.

171
00:23:57.570 –> 00:23:59.190
Andy Whiteside: that’s a good that’s a good.

172
00:24:00.480 –> 00:24:06.270
Andy Whiteside: way to end this i’ve got to go check that before tomorrow’s fly but Eric thanks for jumping on and appreciate you bringing topics as always.

173
00:24:06.540 –> 00:24:09.030
Erik Collett: yeah my pleasure see it.

174
00:24:09.360 –> 00:24:10.680
Andy Whiteside: we’ll do it again a couple weeks.

175
00:24:10.710 –> 00:24:11.280
Erik Collett: got it.

176
00:24:11.580 –> 00:24:12.000
Andy Whiteside: Thanks for.