Broker Check

Zero Trust and The Kipling Method

June 23, 2022
Share |

Zero Trust uses "The Kipling Method". It is named after English poet Rudyard Kipling, who wrote about "six honest serving men" - Who, What, When, Where, Why and How.

As described by Steve King and John Kindervag, here is how these six principles apply:

  • Who should be allowed to access resources? This is determined through "asserted identity" - a validated and authenticated statement.
  • What application is the asserted identity allowed to use to access the resource?
  • When is the asserted identity allowed to access the resource? It should be limited to the time the user is typically on the computer system.
  • Where is the resource located?
  • Why is the user allowed to access the resource? There should be a "need to know" and sensitive information must be protected from unauthorized users.
  • How should traffic be processed  as it accesses a resource?