Danny Jenkins
π€ SpeakerAppearances Over Time
Podcast Appearances
You could try and get me to approve a device, but that device hasn't been approved by the company.
Therefore, it cannot get into my account, whether it's Salesforce or Office or anything else.
And we have to verify the device first and then verify the user.
When was the last time you heard someone got phished and their phone was stolen at the same time?
A lot less likely than someone just got phished.
So I think laptops and desktops very, very rarely.
I think phones obviously, but again, it's their phone.
And their phone gets approved.
And we've had this whole conversation internally at ThreatLocker, do we allow personal phones to access?
But if we do, they have to be individually approved.
Authentication tokens have to be put on them.
They can't just say, oh, I'm going to self-approve any phone I want or give my credentials to an attacker to self-approve a phone.
I think the reality is people often think about zero trust is making it difficult for people.
But it's much more nuanced than that.
Even myself.
Like most computers, you have access to everything.
As a CEO, I've got a lot of access, but that doesn't mean every program on my computer has to access everything I access.
So it's really, hey, you have access to these financials using Excel.
You have access to the CRM using this browser.
You have access to your email from one of these devices.