The string (cheese) theory of zero trust
Aug 12, 2022
I regularly get asked, “How did you drive the change from the traditional data center and legacy architecture to a new paradigm of 100% cloud, DevNetSecOps, and zero trust everywhere?”
I could, of course, answer the question by outlining the sequence of tactical actions, initiatives, and strategic investments which helped me achieve the transition. But my journey will be different than yours, so how much would you really learn from this?
I recently stumbled across a far more elegant analogy on a trip to the local grocery store: string cheese. Love it or hate it, parents all over the world use this kid-size treat to move children away from bad sugary sweets to a healthier, more calcium-rich diet. I feel this way about hub-and-spoke networking and castle-and-moat security. They represented the best wisdom of their age, but after years of use, experience now tells us they hurt more than they help. We need to move to something better.
So what has string cheese got to do with moving to zero trust? As it turns out, quite a lot. Whilst meandering through the isles of the grocery store, I happened upon a parent pushing a young toddler in the back of a shopping cart. Anyone who has ever tried to keep a young child occupied during the weekly shop will know that it’s hard work. I could hear a tantrum building from an aisle over as his guardian strolled past some sugary goodies, clearly the source of the child’s frustration. As the noise reached pitch levels perceptible to only dogs and dolphins, I saw the guardian reach over to a shelf, pull off a pack of string cheese snacks, open one up, and hand it to the little boy.
Shock. Silence. What is this? It was clear the boy had never had string cheese before. He held it up, studying it closely, sniffing it from time to time, and generally trying to figure out what it was. This is different. It took a few seconds of sniffing, prodding, and general confusion before he decided to take one big bite. It was too much for his underdeveloped teeth. He clearly liked the taste. It was just too dense for him to eat this way. He tried to do too much too soon. What happened next was astounding. Almost instinctively and without being shown he raised his left hand and started to peel it like a banana. I stood there for a few minutes watching the child systematically peel apart the cheesy treat and put it in his mouth until there was nothing left. Then his hand reached out in search of more.
So, what did this experience teach me about change? Let me break it down for you:
- Change can be hard for some to swallow. String cheese, much like our traditional data centres, are tightly packed layers. In their “original packaging” they are hard to swallow. An architect friend of mine would describe this as being a highly aligned and highly coupled state – or in physics terms – extremely dense. Tightly packed objects are notoriously inflexible and usually extremely brittle. In fact, you can break string cheese in half pretty easily – much like our hub-and-spoke networks. The density of the architecture makes it inflexible and quite incompatible with organisational agility. Nevertheless, don’t be put off by the challenge ahead.
- Change usually leads to shock and suspicion. I experienced this myself with my network manager when I first outlined our zero trust goals and the internet-only ambition. He had spent some time researching next-gen networking and SD-WAN and, like a sugary snack, was quite excited to get his hands on it. And, much like the young boy, he was a little shocked and suspicious when he didn’t get what he expected. Ride out the waves of uncertainty, and take the time to study, sniff, and poke at the new paradigm. Humans are suspicious creatures by design, it’s hard-wired into the primitive parts of our brain. Ensuring we are not putting ourselves in danger is how we have survived for hundreds of thousands of years. Expect this reaction and take the time to get comfortable before taking your first bite.
- Don’t bite off more than you can chew. Peel apart the cheesy goodness. Deconstruct your architecture into manageable layers, starting with the outer layers first. In my experience, this meant peeling our network traffic into four parts. Internet for the user, application access for the user, internet for workloads, and finally workload-to-workload communications. Peel back each layer and deal with them separately. Sometimes our modern brains overthink things. Allow for a healthy dose of instinct and let some of the primitive brain do the peeling. If it feels right, it probably is.
- Be flexibly stringy. If you notice when you peel solid objects apart, the constituent layers are pretty flexible. It is their proximity that creates rigidity. Traditional castle and moat architectures are stiff and inflexible, not suitable for the agile requirements of today’s IT architecture. Deconstructed strips of cheese are soft and malleable – able to contort into whatever shape is required. String (cheese) theory shows us that being flexible is a great advantage and leads to easier management. Deconstructing your network layers means you can be far more adaptable, and flexibility is key to effective and lasting change.
- You will go back for more. When we allow ourselves to try something new, we are often surprised by how good it is. All over the world, network managers reach for their favourite flavour of network confectionery because it’s what they’re used to. Just because we are familiar with something, does not mean it’s healthy or the right choice for us.
Be bold. Experiment with string (cheese) theory for yourself. Embrace zero trust one calcium-rich strip at a time.
What to read next