Versaria + Axway

solving-the-top-11-api-threats

Issue link: https://axway.uberflip.com/i/991646


TRUSTED ≠ TRUSTWORTHY

CONTEXT

The security architect's most dangerous suspect is probably not a malicious attacker, but rather him or herself. Microsoft's John Lambert says it well, "Defenders think in lists, attackers think in graphs. As long as that is true, attackers win."

VULNERABILITIES IDENTIFICATION & TRACKING

Humans have cognitive biases including overconfidence, blind spots, and being susceptible to seductive details, data, and security-conference presentations. Root out fuzzy concepts in your security architecture. Are you using the terms "trust" or "principle of least privilege?" What do these mean? Can you be more specific?

COUNTERMEASURE(S)

Don't rely on lists alone. Think of ways an API gateway and other security can make it more difficult for an attacker to access your enterprise's resource graph.

ASSURANCE

Continually stress-test your assumptions and update your security architecture. It should be a living, breathing exercise — more like practicing a martial art than admiring a painting in a frame hung on a wall.

11 | The Curious Case of "Trusted ≠ Trustworthy"
