In tradition, organizations usually deploy security controls on their permeters and trust computers inside permeters. The zero trust concept was proposed to address the situation that organizations "over rely" on the permeter security controls in the mid of 2000s. Currently, people usually have several myths on zero trust concept. Therefore, we need to address the misconceptions and consider how to use the zero trust concept to improve security.
Shi-Cho Cha received the B.S. and Ph.D. degrees in information management from
National Taiwan University in 1996 and 2003, respectively. He is currently a Professor at the Department of Information Management, National Taiwan University of Science and Technology, where he has been a Faculty Member since 2006. He is a certified PMP, CISSP, CSSLP, CCFP, and CISM. Before he worked at NTUST, he worked in eLand Technologies, Inc, and PricewaterhouseCoopers, Taiwan. His current research interests include security and privacy of blockchain applications, IoT security and privacy, and information security risk management.