Zero Trust and Mission Partner Environment Not in Opposition
While zero-trust cybersecurity and the mission partner environment, which relies on trust for sharing information among international partners, may seem diametrically opposed, they can work well together, according to panelists at AFCEA’s TechNet Indo-Pacific Conference in Honolulu, Hawaii, November 7-9.
Darren Pulsipher, chief solution architect for the public sector at Intel Corporation, first broached the subject while discussing security of the mission partner environment (MPE) with his fellow panelists. He noted that two of the zero-trust tenants are “trust no one” and “verify everything.”
“You know, the first thought when you think about these two concepts is zero trust and MPE are diametrically opposed,” Pulsipher said. “Because I don't want to share what I have. I want to protect my data.”
People, processes, policies and cultures can be the hardest elements to change even though changing them costs nothing, Pulsipher offered. But new capabilities can make all the difference. “To turn things on the side a little bit, there's new technologies out there that can enable us to actually share results without sharing the data. And it's a weird concept. These are concepts like collaborative, confidential computing, where you can create a secure enclave of data and algorithms that transform data,” he explained.
The end results, the critical information, can be sent to mission partners, without sending the initial, sensitive, data. “These new types of concepts are really turning the whole zero trust and MPE conflict that we normally have kind of on its side because it's a new modality of operating that we haven't thought of before,” Pulsipher added. “So this is where we start needing to challenge the ways that we've done things in the past. There's got to be better ways to do it. Because then, MPEs, the result is the most important part, not even the data or the algorithms. It's the result, the information that I'm producing out of it.”
Charles “Chuck” White, chief technology officer, Fornetix, picked up on the idea, saying that in a “war on terror universe,” he 100% agrees.
You know, the first thought when you think about these two concepts is that zero trust and MPE are diametrically opposed. Because I don't want to share what I have. I want to protect my data.
In a brief back-and-forth, Pulsipher and White noted the possibilities of data, algorithms or hardware being spoofed. “I mean, that's never covered,” White said.
“I see your point,” Pulsipher responded. “And that's why it's so important to have, and to leverage, some of the existing technologies to help prevent those sorts of things from happening.”
Pulsipher went on to add that zero trust actually enables MPEs. “It’s sort of counterintuitive, but in a sense, zero trust enables MPEs,” he said, to which White responded, “100% agree.”
Patrick Perry, Zscaler’s chief technology officer for the Defense Department and intelligence community, took a different tact, saying that “the foundation of zero trust is actually 100% in line with MPE.”
Perry added that the whole principle of zero trust was that “people and data are not always in the same building together anymore, and they're not always on the same team, but we have to account for that. You may need to get the access to data that you don't administratively control from a location that you don't administratively control and vice versa.”
