TL;DR:
Despite advances like “The Zero Trust Model”, cybersecurity is still fundamentally broken, as repeatedly proven by the increasing breaches in the largest, most secured companies in the world. This series unveils an entirely different approach, made possible by a breakthrough in cryptography, that allows developers, like you, to stop worrying about the next vulnerability by locking systems with keys no-one will ever hold—Keys that are impervious to theft, loss, or misuse. This series demonstrates how the introduction of herd-immunity principles to cybersecurity removes today's inescapable need to blindly trust people, brands and processes. This new approach not only promises to redefine cybersecurity, but empowers you to innovate without fear of the inevitable breach. Try it here.
Every developer’s nightmare
You want to build something new, create awesome digital experiences, not to spend your nights worrying about security breaches. Yet here you are, staring at your screen, wondering if that last rushed feature commit opened the floodgates to a data breach. Remember when a single sketchy update nearly broke half the internet? Nobody wants to be that developer.
In today’s fast-paced world, security isn’t someone else’s problem. It’s a target painted directly on you. Cross-site scripting, SQL injections, session hijacking… Every line of code is a potential entry point for hackers, and every decision could lead to disaster. And it doesn’t even have to be your code – but a vulnerable 3rd party package you use!
Zero Trust: a false sense of security?
The Zero Trust model is hailed as the savior of modern cybersecurity. If you’ve spent any time in security meetings or reading up on best practices, you’ve heard of it. It operates on the principle of “Never trust, always verify,” promising to secure platforms by treating everything interacting with your system as a potential threat. On paper, it’s brilliant—the default response to any access request is to grant "zero trust." Then, with appropriate and ongoing validation, the model allows for least-privilege access—giving users and systems only the permissions they need to perform their tasks. Think of it like installing a card reader on every door in your office, from the boardroom to the bathroom, not just the entrance.
Yet, if Zero Trust is the answer, why are we still seeing massive breaches? Despite over $300 billion poured into cybersecurity, breaches caused over $10 trillion in damage last year. Clearly, something isn’t working.
Here’s the kicker: Zero Trust solutions, in their current form, don’t eliminate the need for trust, they just shift it around. Sure, you’re not implicitly trusting the devices or identities interacting with your platform anymore, but now you’re putting blind faith in the very systems that manage that trust—your Identity & Access Management (IAM) system, your antivirus, your monitoring tools—and the people that administer them. It’s like locking every door in your house but leaving all the keys with a minimum-wage guard.
You’ve verified access and enforced least privilege—great! But what happens when the system responsible for issuing these permissions is compromised? Who verifies them? Right now, no one.
Who’s watching the watchers?
The naming of “Zero Trust” is rooted in the base assumption that anything connecting with your platform is afforded no trust, by default. Unfortunately, it’s been obnoxiously slapped onto the packaging of most major cybersecurity products promising “zero” trust, but in reality, we blindly trust those systems enforcing it, with god-like powers. Whether it’s your IAM system, end-point security, or anomaly detection tools, they’re treated as infallible. But what if they’re compromised?
Have you ever checked if your antivirus is doing more harm than good? Can you even verify if the systems you rely on haven’t already been breached? No matter how sophisticated, no system is foolproof—When these particular systems fall, the entire house of cards collapses.
Attackers know this, and they’re going after the systems we depend on—our supply chains, our tools, even the very security measures we’ve put in place to stop them. The result? Breaches are causing damage on an unprecedented scale.
The trust problem isn’t what you think
There are many ways to maximize trust—like improving communications, proving follow-through, and demonstrating accountability—however, even at its top levels, trust is still a form of blind faith. Being such an intangible construct, trust isn’t some parameter you can fine-tune, install or fabricate. Therefore, to remove the need for trust altogether, we must focus on what we’re trusting—authority. A breach of trust becomes problematic only when authority is exploited or abused. In other words: if we remove all authority from something, it no longer requires any trust. It is then guaranteed to be completely safe.
Authority is what gives the power to make important decisions, like granting access to data. Hackers don’t need to break through every layer of security—they just need to compromise the authority that controls it. Whether it’s a rogue admin, a misconfigured server, or a hacked vendor, once authority is abused, your platform is left vulnerable.
Authority is the Achilles’ heel of cybersecurity.
The Zero Trust model aims to remove the need for trust, but today it still relies on systems that wield unchecked authority. Trust in these systems is required because we can’t independently verify what’s happening behind the scenes. The IAM, identifying a user as a super-admin, is hopefully doing so correctly all the time, but how could you know?
But what if we could remove that authority entirely? What if no single person, system, or entity was trusted with enough power to compromise your platform?
Enter Two-Way Zero Trust
Let me introduce you to a new concept: Two-Way Zero Trust. Imagine a world where you don’t just verify everything interacting with your system, but where the system itself is continuously verified—by you and others interacting with it. In this model, no single entity holds unchecked authority. Instead, authority is decoupled from any one person or system and distributed.
Think of it as upgrading Zero Trust’s mantra of “Never trust, always verify” and applying it to everything, including the system itself. Imagine every time your IAM granted a user admin privilege to your platform, you had an instant guarantee it was issued correctly. It’s like building a security fortress where even the guards are under constant verification. And the best part? Even if someone breaches the system, they can’t access sensitive data because the authority to unlock it lives outside the system entirely.
Whether you’re a startup founder or a market leading platform, implementing Two-Way Zero Trust means you can finally sleep at night without worrying about being the weak link in a security chain. Even in the worst-case scenario, your platform stays protected because no one holds the “keys to the kingdom” —shielding you from potential legal liabilities and preserving customer trust. You could rest assured that encrypted data can only be decrypted to correctly-verified users or that write-permission can only be given to those approved of it. For some, this could mean avoiding the kind of catastrophic breach that may spell the end of the company.
Where do we go from here?
So, what’s next? We’ve identified the real problem: authority. Now, the challenge is figuring out how to remove it from the systems and people managing it. It’s not about abstract trust—it’s about ensuring that no one holds enough power to cause catastrophic damage, even if they’re compromised.
In the next part of this series, we’ll dive deeper into the vulnerabilities around authority and explore how it’s managed today. More importantly, we’ll look at how we can strip authority away, ensuring that no one has unchecked control.
And we’re not just going to shift the burden into another box you’ll have to, well, trust. Instead, I’ll introduce a radically different approach to managing authority—one that could fundamentally reshape how we think about cybersecurity, privacy, and digital ownership.
Trust me. But don’t! Verify.
Original op-ed published here.
Authors:
This 5-part series outlining the worry-free future of cybersecurity for platform developers is an adaptation of Tide Foundation Co-Founders Michael Loewy and Yuval Hertzog’s keynote at ACM SIGCOMM 2024
Michael Loewy is a Co-Founder of Tide Foundation and serves on the advisory board of the Children’s Medical Research Institute.
Yuval Hertzog is a Co-Founder of Tide Foundation and one of the inventors of VoIP.
Series shortcuts:
- Part 1: It’s time to rethink cybersecurity for platform developers
- Part 2: It’s cybersecurity’s kryptonite: Why are you still holding it?
Top comments (0)