Designed from the outside in, 20th-century hierarchical networks have traditionally relied on classifying users as “trusted” and “untrusted.” Unfortunately, this methodology has proven to be insecure. With increased attack sophistication and insider threats, operating on the assumption that everything inside an organization’s network can be trusted is no longer viable. This legacy model assumes that a user’s identity has not been compromised and that all users act responsibly. If a user is “trusted,” that user has access to applications and data by default. History has shown us that trust is a vulnerability that can be exploited.
