This is my attempt to achieve Zero Trust in a way that greatly exceeds the Microsoft and US Army Zero Trust specifications:<p><a href="https://github.com/prettydiff/share-file-systems/blob/master/documentation/decentralization.md">https://github.com/prettydiff/share-file-systems/blob/master...</a>
I’m a traditional network person. Is there a way to avoid zero trust?<p>It’s possible. Here’s a way to determine if the organization can ignore zero trust altogether:<p>- There is no shift to the cloud, now or in the future<p>- The supply chain is wholly owned by the organization or provided by vendors that allow for full auditing and verification<p>- All assets are self-hosted and managed by the organization<p>- All user devices are provided and strictly managed by the organization<p>- All users can be expected to connect from within a pre-determined physical location, not through a VPN<p>- All users are completely trustworthy at all times with no financial incentive to become compromised<p>- All users are well-trained in cybersecurity concepts and would never be negligent insiders<p>- All acquisitions and mergers are extremely audited for the above requirements, or assets are not co-mingled until the above requirements are met