
Zero Trust and The Kipling Method

June 23, 2022

Zero Trust uses "The Kipling Method". It is named after English poet Rudyard Kipling, who wrote about "six honest serving men" - Who, What, When, Where, Why and How.

As described by Steve King and John Kindervag, here is how these six principles apply:

  • Who should be allowed to access resources? This is determined through "asserted identity" - a validated and authenticated statement.
  • What application is the asserted identity allowed to use to access the resource?
  • When is the asserted identity allowed to access the resource? It should be limited to the time the user is typically on the computer system.
  • Where is the resource located?
  • Why is the user allowed to access the resource? There should be a "need to know" and sensitive information must be protected from unauthorized users.
  • How should traffic be processed as it accesses a resource?
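
The six questions can be read as the fields of a single access rule, evaluated with a default-deny outcome. The sketch below is an added example, not code from the original post or from King and Kindervag; the class names, field names and sample rule values are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    who: frozenset   # asserted identities allowed
    what: frozenset  # applications the identity may use
    when: tuple      # (start, end) times; window may wrap past midnight
    where: str       # location of the protected resource
    why: str         # need-to-know justification, recorded for audit
    how: str         # traffic-processing profile applied on allow

@dataclass(frozen=True)
class Request:
    identity: str
    authenticated: bool  # True only if the identity was validated upstream
    application: str
    timestamp: datetime
    resource: str

def in_window(t, window):
    start, end = window
    if start <= end:
        return start <= t < end
    return t >= start or t < end  # e.g. a 22:00-06:00 night shift

def evaluate(req, rules):
    """Default deny: return ("allow", detail) or ("deny", failed_question)."""
    if not req.authenticated:
        return ("deny", "who")
    failed = "where"  # no rule covers this resource at all
    for r in rules:
        if r.where != req.resource:
            continue
        if req.identity not in r.who:
            failed = "who"
        elif req.application not in r.what:
            failed = "what"
        elif not in_window(req.timestamp.time(), r.when):
            failed = "when"
        else:
            return ("allow", f"why={r.why}; how={r.how}")
    return ("deny", failed)

# Constructed sample rule; all names and values are hypothetical.
RULES = [Rule(frozenset({"alice"}), frozenset({"payroll-web"}),
              (time(8, 0), time(18, 0)), "payroll-db",
              "processes payroll", "decrypt-and-inspect")]
```

Returning the question that failed gives an audit log a reason for each denial, and the "why" and "how" values travel with every allow decision.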