Once upon a time, before the age of computers, when a business needed to secure and protect information and assets, discussions centered on limiting physical access to offices, paper files, and tangible documents. Locked file cabinets, restricted areas, and limited personnel access were the order of the day.
As computers gained a foothold in the business world and the internet became mainstream, new challenges arose. How was a business to protect non-tangible information that existed in this new, unseen, uncharted universe called the internet? Emphasis was placed on protecting internal business information, systems, and assets from outside attackers. Firewalls, antivirus, and passwords were deployed to prevent malicious actors from breaching the business perimeter and gaining internal access. This traditional network security followed the “Trust but Verify” method, in which internal users and endpoints within the business’ perimeter were automatically trusted once their log-in credentials were validated. Unfortunately, as both technology and hackers advanced, the “trust but verify” approach has proven inadequate to protect against internal bad actors or external hackers.