Can you trust zero trust?
Illustration: Christopher T. Fong/Protocol

Can you trust zero trust?

Source Code

Good morning! Zero trust is becoming critical for businesses to keep data safe. But you shouldn’t trust just anyone who tells you their product is “zero trust.”

Trust no one

The cybersecurity term “zero trust” is cryptic, overused, and often misconstrued. When it’s implemented correctly, experts agree that it’s the most effective way for companies to stop modern cyberattacks. The problem is, it’s not always implemented correctly.

Zero trust is about controlling access, and making sure that the right people have access and the wrong people don’t. Just because someone is in possession of a password, they shouldn’t necessarily be able to access everything, Protocol’s Kyle Alspach reports.

  • The main promise of zero trust is that, by limiting access as much as possible, you'll limit the amount of damage hackers can do if they do manage to breach your network.
  • Some ways to do this include bringing stronger control over access to corporate resources and ensuring that users aren't authorized to do more than is necessary for their role.

This isn’t the same as a corporate firewall, experts told Kyle. The traditional network security approach — such as firewalls and VPNs — is to define the trusted local area network and let people access what they want within it. Zero trust uses a different approach.

  • “Zero trust was created to overcome the network architecture,” said Jay Chaudhry, founder and CEO of Zscaler. “Firewalls and VPNs, versus zero trust, are fundamentally opposite.”

But vendors are muddying the waters. All kinds of cybersecurity products are now being marketed as zero trust, including firewalls and VPNS, creating “more confusion than clarity,” said Heath Mullins, a senior analyst at Forrester.

  • At the RSA security conference in June, for instance, Mullins said "every vendor on the show floor had zero trust in their marketing, to some degree.”

Zero trust is more of a philosophical shift than a single tool. Only if a product lines up with the principles of zero trust — for example identity security, access management, and network segmentation — should it be considered zero trust. “There’s nobody out there that does everything,” Mullins said. “The first company to get there is going to clean house.”

Read more: Why security teams are losing trust in the term “zero trust

The long road to open banking

It’s been 12 years since Congress passed the Dodd-Frank Act, the largest Wall Street reform in American history. The effects of the bill have been far-reaching, but one important part, section 1033, has been on hold all this time. That could be about to change, Protocol’s Veronica Irwin writes.

Section 1033 was meant to provide marching orders to banks and fintech firms looking to share data and grow their businesses by providing new digital services to customers, like budgeting software and online bill pay.

  • Instead, it prolonged years of squabbling and competition between banks, fintech companies, and consumer advocacy groups, which couldn’t agree on how rules stemming from section 1033 needed to be written.
  • At stake was control over customer data, the ability to ensure secure online transactions, and a chance to shape a new era of digital banking.

Now, finally, an end appears to be in sight. The Consumer Financial Protection Bureau, the agency tasked with rulemaking under section 1033, has signaled that the issue will go before its small business review panel before the end of the year.

One key player in breaking the stalemate was an industry group called the Financial Data Exchange, or FDX. It was able to generate surprising cohesion between fintechs, banks, and consumer groups on the technical tenets of what those rules should be.

  • Though FDX doesn’t advocate for specific policy proposals, its approximately 230-organization membership has settled on a single open API standard they think should adequately address any regulatory or industry concerns.
  • Now those members are acting in unison, pushing CFPB director Rohit Chopra to write rules that are friendly to their standard. Chopra was appointed last year and has suggested open banking is an issue he’s eager to tackle.

There still remain a few unsettled debates in open banking, though. The diversity of the financial system in America allows for many different niche perspectives, and the CFPB will need to work on bringing them all together.

Read more: How fintech got banks to come around on open banking

Cutting back the gas

As Russia cut off its deliveries of methane gas to the European Union, the bloc set a goal of cutting its gas usage by 15% by March. Though consumer choices can help with that, taking a look at industrial gas use may be key, Protocol Climate editor Brian Kahn reports.

Roughly 30% of EU gas demand is tied to industrial uses, according to a recent Rhodium Group analysis.

  • Six sectors are responsible for 87% of that demand, including chemical refinement; production of iron, steel, cement, and glass; printing; and food and beverage manufacturing.

Efficiency is key to making the biggest reductions in near-term gas use. One study from 2019 found that a third of energy used for industrial processes is wasted.

  • Some tech solutions to industrial gas hogging and waste are out there. Redesigning pipes to more efficiently capture heat; using factor sensors to detect waste; or implementing industrial-grade heat pumps can help cut down on wasted energy.

But the goal should be to stop using methane gas. For that, green hydrogen could be the ticket.

  • Companies like Siemens are getting into the green hydrogen business and are attracting buyers like Amazon and Maersk.
  • Investors see the potential: Hy24, a fund dedicated to clean hydrogen, closed a $2 billion fund for it last week.

The EU has a relatively full gas supply thanks to stockpiling by various nations, but cutting gas demand will help make it last as long as possible. Plus, leaning on carbon-free alternatives is a major benefit for the climate, and could help get the EU well on its way to being net-zero by 2050.

Read more: How to get the EU industry off methane gas for good

A MESSAGE FROM CIRCLE

USD Coin (USDC) is the institutional grade stablecoin. Monthly attestations show exactly what reserves back USDC, and businesses all over the world are using USDC to build the next generation of financial services and global payment applications.

Learn why institutions trust USDC at Circle’s Transparency & Stability Hub

People are talking

Jensen Huang, CEO of Nvidia, said the semiconductor industry is “near its limit” of innovation:

  • “It’s near the limit in the sense that we can keep shrinking transistors, but we can’t shrink atoms — until we discover the same particle that Ant Man discovered.”

SEC commissioner Gary Gensler said the CFTC should have more jurisdiction over stablecoins:

  • “I think the CFTC could have greater authorities. They currently do not have direct regulatory authorities over the underlying non-security tokens.”

Coming this week

The Women, Influence and Power in Law conference starts Monday and runs through Wednesday in Washington, D.C.

TechCrunch Disrupt starts tomorrow and runs through Thursday in San Francisco.

Think INNOVATE 2022 conference for mid-market companies in Baltimore begins Wednesday and runs until Friday.

Ericsson reports third quarter earnings on Wednesday.

Women in Tech Boston takes place Thursday and Friday.

Apple and Epic Games’ antitrust cross-appeal happens Friday.

In other news

Kanye West plans to buy Parler. West said he wants people with conservative opinions to be able to "freely express" themselves online.

Booking.com is getting investigated by Spain's competition watchdog after complaints that the company had imposed on unfair conditions in hotels booked in the country.

Apple won't use YMTC's chips, at least for now, after the U.S. put export restrictions on Chinese chip companies.

Daniel Seifert joined Coinbase to help lead the company's expansion in Europe. The former Solarisbank exec will serve as regional managing director in Europe.

Celsius has been subpoenaed by a U.S. grand jury, as well as the SEC, CFTC, and FTC. Celsius said it is cooperating with all inquiries.

Apple store workers voted to unionize at a location in Oklahoma City, making it the second store in the country to do so.

Trump Media fired Will Wilkerson, senior VP of operations, after he shared internal documents from an SEC whistleblower with The Washington Post.

Momentive cut 11% of its staff. The Survey Monkey parent company shed roles across business development, customer support, recruitment, and sales staff.

SpaceX will continue to support Ukraine by providing Starlink access, Elon Musk said, despite the fact that it is “still losing money.”

Tesla won’t start production at its European gigafactory near Berlin until 2024, after a problem was discovered in a production process.

Shein parent company Zoetop was fined $1.9 million by the New York attorney general’s office for not letting the company’s users know of a breach that exposed the data of 39 million people.

Nikola founder Trevor Milton was convicted of fraud for lying to investors about the EV company’s tech.

TikTok on the Clock

All over TikTok, 20-something tech workers are sharing what their workday looks like. It usually starts with a free, company-sponsored breakfast, a multi-hour lunch, or chill time in the company nap room.

Though they catch flack from internet commenters for not working enough and only showing the rosy parts of tech, many said they can’t show much of their actual work. These vloggers often toe the line of what they can and can’t show so as to not stoke the ire of HR or security teams — and those who aren’t as vigilant have found themselves out of a job.

A MESSAGE FROM CIRCLE

USD Coin (USDC) is the institutional grade stablecoin. Monthly attestations show exactly what reserves back USDC, and businesses all over the world are using USDC to build the next generation of financial services and global payment applications.

Learn why institutions trust USDC at Circle’s Transparency & Stability Hub

Thoughts, questions, tips? Send them to sourcecode@protocol.com, or our tips line, tips@protocol.com. Enjoy your day, see you tomorrow.

Recent Issues

A tale of two FTXs

Elon Musk, the un-CEO