This week we chat with Ryan Alford, Founder and CEO of Engineering Design Group (EDG), and we dig into how Zero Trust impacts the future of hardware, software, IoT, and access (both human and machine).
EDG provides distributed sensor monitoring through a cloud-based solution and associated hardware for organizations with critical data needs. As a hardware manufacturer, that also provides software with important data sets, they have a double edge sword to consider when securing their products.
Find the transcript and video format of AZT on adoptingzerotrust.com
Access by contractors and third-party vendors should be highly limited, which is why solutions like VPNs do not align with Zero Trust
Through an Identity Provider (IdP) such as Okta, Microsoft, Apple, etc. you can limit access by user to specific cloud-based apps, but these solutions may not support 100% of your items out of the box (may need custom builds via API integrations).
From hardware to software, it should be assumed that nothing is fully secure and that runs under the scope that you already have been infiltrated.
There are no silver bullets in security, ever. Always verify, especially security claims, and lean on third-party validators (pen testing, security or privacy compliance, etc.)
Being transparent and honest is one of the best ways to build trust. Ryan suggests having a continuity plan that includes a vulnerability disclosure plan and a way for people to report issues.