Cyber defense was developed to protect information technology (IT) systems. Security was based on the idea that there are two kinds of networks – trusted inside the perimeter and untrusted outside. This creates a situation where once a hacker is through the perimeter then the work site’s assets are ripe for the taking – and that perimeter has become progressively more difficult to define as the cloud and other modernized, interconnected technologies make their way into work sites.
Zero trust was developed to secure technology in IT environments, basically by assuming activity is untrustworthy until proven otherwise by more meticulous inspection and policies. The key concepts of IT zero trust, however, are based around securing networks for user activity – what about networks that were created for operational technology (OT) and assets?