Keynote: Trust No System: The Unsettling Reality of Zero Trust


Authors: Frederick Kautz


The presentation discusses the importance of establishing trust in computer systems and processes, and challenges the concept of 'zero trust' by suggesting that it be renamed 'zero implicit trust', making explicit that something is always being trusted.
  • Understanding the context of a system is important in determining the value of what is being defended and how much to spend on defending it
  • Establishing trust in the foundation of a system is crucial before building on top of it
  • Developing a framework for trust involves asking questions about what is being trusted and why, and what the consequences are if that trust is violated
  • The blast radius of an incident should be kept small to minimize the impact of a breach or failure
  • The concept of 'zero trust' should be renamed to 'zero implicit trust' to make it explicit that something is being trusted and to encourage proper analysis and risk assessment
The speaker notes that people too often jump into an architecture and claim it is 'zero trust' without properly analyzing what is being trusted and why. Implicit trust in a system is a risk if it is not analyzed and made explicit, which is why the speaker proposes the name 'zero implicit trust': it encourages proper analysis and risk assessment.


In the age of cloud-native applications, "Zero Trust" has become a buzzword that often lulls us into a false sense of security. In this thought-provoking and contentious talk, we challenge the conventional wisdom surrounding trust and software security, asserting that trust is a decision made by the observer rather than an intrinsic property of a system. Buckle up as we dive into cloud-native security, revealing its inherent fallacies and misconceptions.

We'll begin by debunking the myth of "trustworthy" systems, arguing that the observer's perception of trust is based on contextual factors and subjective judgment, not on any inherent trait within the system. We'll provide real-world examples of widely trusted systems that have failed catastrophically and examine the consequences of misplaced trust.

Next, we'll explore the implications of this unsettling reality for developers, operators, and businesses. We'll discuss the need for continuous vigilance and validation in our security practices and the importance of embracing a culture of "reasoning about trust" in the cloud-native landscape.

Finally, we'll offer actionable strategies for managing trust within cloud-native environments. These will include embracing chaos engineering to simulate failures, implementing comprehensive auditing and monitoring practices, and fostering a mindset of skepticism and continuous questioning regarding security.

Join us as we pull back the curtain on the unsettling truth of software security and implore you to reconsider your approach to trust in the cloud.