There is an evolving network security approach called a Zero Trust Network that when abstracted seems like a way to think about digital interactions.
One definition of a Zero Trust Network is as follows:
Traditional network security relies on a secure perimeter. Anything inside the perimeter is trusted, and anything outside the perimeter is not. A zero trust network treats all traffic as untrusted, restricting access to secure business data and sensitive resources as much as possible to reduce the risk and mitigate the damage of breaches.
Zero trust network security operates under the principle “never trust, always verify.” Users and network traffic are treated as if they’re operating in the open Internet, where a bad actor could be listening in or impersonating a user to gain access. Network traffic is encrypted to minimize the risk of interception. Attempts to access a sensitive area of the network from another area are screened as if the person (or app) trying to access the network is untrusted.
Never trust, always verify. It sounds like a pretty miserable way to go through life. Many of us live in a “trust but verify” mode in the physical world and in our in-person interactions. Frankly, it is rare that we have dealings with people who are completely unverified. You go to a party at a friend’s house and you meet someone new. Well, your host or someone at the party knows him. If you want to know more about him, you ask others. If no one knows him, a red flag goes up. If we meet an entrepreneur, most often someone in our network knows her or we were likely introduced to her by someone we trust. That’s business. Even then, before we give her money, we do a reference check and a background check. Trust but verify.
In the digital world, we get exposed to so many more people so much more frequently. Trust is a harder and harder thing to expect. For example:
One of our investment theses at Osage Venture Partners relates to zero trust enterprise solutions and the identification of specific enterprise data that requires a higher level of security. Recent investments include AppBus, a unified endpoint security and management solution that is built on top of a zero trust model architecture, and RiskLens, the leading provider of purpose-built cyber risk quantification solutions that enable business executives to focus security efforts on areas of greatest vulnerability.
Beyond pure security-focused investments, zero trust feels like a concept that will penetrate most digital interactions and will open up a whole new set of business models and business ecosystems. I think we will see a Zero Trust concept taking hold in a number of different areas.
We are surrounded and under attack by brilliant criminals who roam freely in our digital world, just waiting for us, or our families, or our co-workers to make a mistake. If this many criminals came into our neighborhood each day, we would move somewhere else. Most likely into a gated community. We are entering the zero trust digital age, and soon all of us will choose to live (personally and in business) in internet gated communities. It’s an increasingly dangerous world beyond the walls.
At Osage, our investments in AppBus and RiskLens are aligned with this Zero Trust theme. We expect these may be the tip of the iceberg.