the market has been acting as a reseller since late 90’s. we simply resell an old solution under a different shiny name again and again. one of the best examples is zero trust.
with all noises around this concept, poor desperate companies waiting to resolve their security issues, or perhaps thirsty budgets waiting to find a new shiny term to spend money on, all rush in to buy something already existed at least as long as I remember.
network segmentation and the concept of least privilege are perhaps the oldest security practices I remember, and then all of a sudden we decide to rephrase it in a different way and make a few more bucks out of it.
I love Zero Trust, but only as a new way to say: hey, you should segment your network, micro-segmentation is a must and remember to always pursue least privilege…
but I don’t like ripping off consumer by saying: hey, I have a new solution for you which resolves all your issues, we discovered it last night and we decided to sell it and let everybody enjoy or invention.
I believe I have multiple articles about how micro-segmentation can act literally as a panacea, not just at network level, but system and application, services and API. also least privilege is the most effective way of containment…but I don’t think we need to consolidate those in a new term like zero trust and then sell them as a new invention.
you may say it is al about packaging which I agree, but would you pay more for a packaged cocoa powder and feel that it is giving you a better hot chocolate vs buying same thing in bulk but then pay attention to how you brew it?