Hacker News

I have to agree that "zero trust" is terrible marketing (alongside "trustless computing" or variations of that). Generally, we think of "trust" as a positive term, and having zero of it seems bad. That's at least the brain-stem reaction I have to this term, and I think no amount of "but but but you see the problem is we trust the wrong things therefore we should have none of it" will fix the perception.

If I'm not mistaken, the point of the term is that you're not just punting to the firewall to protect your network: eggshells are not sufficient to protect eggs. Thus the proposal isn't "zero shell eggs", it's closer to "all shell no egg".

I don't have a good alternative to it, but maybe something like "Continuous Skepticism", "Always Verify", "Pervasive Vigilance", or "Verify Everything" might be terms that evolve in the right direction. I don't think any of these are winners, but at least none of these take a fairly universally positive term (like trust) and negate it without further explanation.

"Zero trust" really feels more like just an eye-popping bullet point in a consultant's slide deck that gets thrown in to make sure the client hasn't totally nodded off by the 10th slide...



> I have to agree that "zero trust" is terrible marketing

I hate to say it but it's brilliant marketing to the people the vendors selling this are targeting - IT departments and CSOs lumped with compliance to arbitrary security certifications and audits.

For these people the users themselves are as much the enemy as the actual attack vectors: they do not trust the staff in their organisation and their goal is to implement infrastructure to control and surveil and limit the scope of their activities to the greatest extent possible.

So in fact, the double-speak of the "zero trust" phrasing fully aligns with their internal motivations and is now well and truly embedded as a marketing term in the latest crop of security vendors.


"No trust required"

I think that's what's intended by "zero trust". It's not that trust is bad, it's that it's not necessary when you architect the system in a certain way.


Absolutely correct, and I think everyone/most here including GP know that, it's just that 'zero trust' doesn't obviously sound like that.

Paraphrasing you slightly, it's missing a word: 'zero trust [required]'.


I agree. “Zero trust” is bad English. The issue is that “trust” in tech speak means something else than trust in plain language.

In plain English, to trust means you accept the person, implying they had already been vetted or had been vetted by alternative means.

In tech, to trust is double speak for not doing any vetting as you punted that responsibility to a firewall or something else.

In the spirit of double speak, “zero trust” really means “nullify no vetting”.


> I don't have a good alternative to it, but maybe something like

I thought "trust" was working out just fine...

What happened? When did we lose the ability to trust?

Maybe it would be easier to try to find a new way to build trust? Rather than replacing it altogether?


One defining trait of 2022 is the breakdown of trust. (The other is that people insist that "this time is different" and that history doesn't have anything to teach us about the current time.)

If you look at /new/ on HN you will see there are people who have nothing better to do than second-guess every decision the government or any other organization made about the coronavirus.

Blockheads think you can't trust banks, central banks, or anybody except the person who wants you to buy the latest shitcoin.


This really isn't the right story for diving into this line of discussion.


Yes, except that when marketing is involved the first order of emotional response is that you put the words in the blender and treat them as a "bag of words" independent of order or contextual meaning. That's just how people respond in the first 0.2 s, and since people receive one or two orders of magnitude more marketing communications than they can process, that first 0.2 s is critical as to whether they will see any more of it.



