Forrester Research is releasing a report titled "Introducing the Zero-Trust Model of Information Network" (excerpt here) in conjunction with its Security Forum event in Boston this week.
The report attempts to retire the oft-used description of an IT security strategy comprising a crunchy outside (that's where you really clamp down) and a chewy center (where you let IT users roam free): "We've built strong perimeters, but well-organized cybercriminals have recruited insiders and developed new attack methods that easily pierce our current security protections. To confront these new threats, information security professionals must eliminate the soft chewy centre by making security ubiquitous throughout the network, not just at the perimeter."
John Kindervag will go more in-depth on the topic Thursday at the Security Forum.
The insider threat has increasingly been grabbing headlines, with high profile cases including the arrests of former Sprint employees for allegedly collaborating on an identity theft scheme.
Study after study of late has emphasized the increased insider threat. Verizon's Data Breach Investigations Report showed that nearly half of breaches were the result of users abusing their right to access sensitive data.
What's more organizations have been taking action to thwart the insider threat. This includes DARPA, which recently launched a project for protecting the Department of Defense from itself.
Vendors have long warned of the insider threat, but they've been racheting up their efforts to help companies plug potential leaks. CA Technologies, for example, recently released tools to gain better control over so-called privileged users.