The Model Is Broken
In the history of technology, few paradigms have caused as much collateral damage as the perimeter-based security model we adopted when we invented the internet.
For decades, enterprises have been granting access to their networks, assuming that keeping attackers out was the key to security. But this approach has failed. It has failed because granting access to networks inevitably grants pathways for threats. And it has failed because it places the burden of compensating for insecure products on enterprises, forcing them to spend millions on patchwork bolt-on security software and labor-intensive monitoring. We’ve created a multi-billion dollar cybersecurity industry, where it’s in the players’ best interest to have product companies continue to ship insecure products that introduce vulnerabilities.
Product Providers Control Our Future
The time has come to address the root cause of our cybersecurity problems: network access.
As software and smart connected product providers (those who design, build, and sell networked products), we bear the responsibility to lead the way. The industry transformation to a zero trust security model begins with the products we ship. Imagine a world where every vendor embeds zero trust principles into their solutions, ensuring that their products limit network access and enforce least-privileged connectivity by design. Over time, the enterprise would not just become more secure; it would also require fewer reactive security measures, saving resources and advancing innovation.
Zero Trust Fatigue
Zero trust is not just a buzzword; it’s a paradigm shift. Unlike traditional security models, zero trust assumes that no entity—user, device, or application—should be inherently trusted. Access is granted only to what is necessary, and connections are continuously verified.
Adoption of zero trust principles is challenging and will take time due to the complexity of overhauling legacy systems, evolving organizational mindsets, and ensuring seamless integration across diverse environments. While some security organizations are experiencing “zero trust fatigue” and the term “zero trust” has become somewhat worn, it remains a critical and worthy approach to addressing the root causes of cybersecurity vulnerabilities.
The Case for Embedded Zero Trust
For enterprises, zero trust can eliminate the vulnerabilities inherent in open networks. But the current adoption of zero trust is hindered by the products we provide. Many networked products, whether they are software applications, industrial IoT devices, or connected hardware, still rely on customers to secure them. This reliance perpetuates the cycle of bolt-on security software, firewalls, and VPNs—band-aid solutions for a systemic problem.
When we embed zero trust into the products themselves, we break this cycle. Products become secure by design. They no longer rely on customers’ networks to operate, nor do they introduce vulnerabilities that enterprises must scramble to defend against.
The Responsibility of Product Providers
This transformation starts with us, the designers of software products and smart connected products.
Every product we build is an opportunity to lead the market with security and resilience, to gain customer trust, and to drive innovation in the right direction. By designing zero trust into our products, we shift the burden of security away from the customer and set a new standard for the industry.
Secure Networking As Code
With modern zero trust networking platforms like NetFoundry, product designers and developers can embed secure networking directly into their applications using just a few lines of code. This approach enforces authenticated and authorized access, ensuring users are limited to the application itself without exposing other network resources, effectively preventing lateral movement. By embedding key zero trust principles—such as end-to-end encryption, continual authorization, authorize-before-connect, and least-privilege access—applications become secure by design. This marks the next evolution in security, shifting from external protections to seamlessly embedding zero trust directly within applications.
The benefits are undeniable:
- For your customers: Reduced cybersecurity risks and fewer dependencies on expensive, complex security architectures and bolt-on cybersecurity solutions.
- For your business: Differentiation in a crowded market and greater adoption driven by trust and ease of deployment.
- For the industry: A collective movement toward solving the root cause of cybersecurity problems.
The Call to Action: Secure By Design
The perimeter model has failed. Enterprises shouldn’t have to spend millions compensating for the vulnerabilities insecure products create. They shouldn’t have to spend millions figuring out how to grant vendors and third parties connectivity and access to deployed products running in their enterprise. As product providers, we have the power—and the responsibility—to change this. By embedding zero trust connectivity into every solution, we can lead a revolution.
NetFoundry is proud to have signed the Secure by Design Pledge, an initiative by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that encourages software manufacturers to integrate security as a fundamental element in their product development. This pledge aligns with our unwavering commitment to creating a secure networking platform that empowers product providers to easily embed zero trust connectivity into their applications, making them inherently secure by design.
Let’s build a world where every product is secure by design, only trusted identities have access, and every connection is least-privileged. Let’s free up enterprise resources to focus on innovation instead of defense. The zero trust transformation starts with us—and it starts with you.
We invite all product providers to join us in signing the CISA Secure by Design Pledge and to commit to delivering secure, resilient products that inspire trust and drive the future of connectivity. Together, we can address the root cause and build a safer, more secure world—one secure product at a time.