Word Notes 3.7.23
Ep 138 | 3.7.23

Device trust (noun)

Transcript

Rick Howard: The word is: device trust.

Rick Howard: Spelled: Device as in a hardware computer such as a mobile device, desktop, or server, and trust as in confirmation that a device is the actual device it claims to be and that it complies to an established security policy.

Rick Howard: Definition: The process of verifying that a device is known, secure and uncompromised before allowing it to connect to a network or access key resources.

Rick Howard: Example sentence: Our zero trust strategy includes device trust as a key and essential tactic.

Rick Howard: Origin and context: Device trust is one of three components of a zero trust architecture. The other two being people trust and a software trust. For device trust, the DevSecOps system that manages and continuously monitors the zero trust architecture is sometimes called a mobile device manager or MDM. Typical systems conduct two types of integrity checks. The first is to verify that the monitor device is actually the device it claims to be by using public key cryptography standards or PKCS to create and manage signing certificates for all devices.

Rick Howard: The second integrity check is to confirm that the device is compliant with a previously established security policy, like the correct version of the operating system, all patches are applied, and no unauthorized applications are installed. Finally, and most importantly, these DevSecOps systems must continuously monitor both integrity checks. According to Beyond Identity, "just because the device is managed, doesn't mean the device is still securely configured, or that the security software is running properly on the device as expected," because things can and do change. The security posture of a device is only valid for a given point in time. Security settings can change, software can break or be uninstalled.

Rick Howard: Nerd reference: In the 1988 movie, "Die Hard" John McClane, a NYPD Cop played by Bruce Willis, demonstrates to the terrorist slash bank robber Hans Gruber, played by Alan Rickman, the importance of establishing device trust. Willis takes out a few of Rickman's henchman, steals their walkie-talkies, you know, it was the eighties, cell phones weren't really a thing yet and listens in on all of their plans. Finally, Willis decides to let them know he is the one that has been causing all the trouble, for reasons. One sound note, the audio volume goes up and down in this clip. The camera switches between the two actors who are in different locations. When the volume is loud, you're watching the actors talk into the walkie-talkie. When it's lower, you're watching the actor listening to the sound coming out of the walkie-talkie. Enjoy. 

Alan Rickman: This is simply the beginning.

Alan Rickman: I thought I told all of you I want radio silence, until further. 

Bruce Willis: Oh I'm very sorry, Hans, I didn't get that message.

Bruce Willis: Maybe you should have put it on a bulletin board, but I figured since I wax Tony and Marco his friend here, I figured you, and Carl, and Franco might be a little lonely. So I wanted to give you a call. 

Alan Rickman: This is very kind of you, I see you are our mysterious party crusher. You're our most troublesome for our security guard.

Bruce Willis: Sorry, Han's. Wrong guess. Would you like to go for double jeopardy where the scores can really change? 

Alan Rickman: Who are you then? 

Bruce Willis: Just to fly in the ointment Hans. The monkey in the wrench, the pain in the ass. 

Alan Rickman: Check on all the others, don't use the radio. See if he's lying about Marco, and find out if anyone else is missing.

Alan Rickman: Do really think you have a chance against us, Mr. Cowboy?

Bruce Willis: Yippee ki-yay expletive.

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talent. Elliott Peltzman. Thanks for listening.