jspωiki
Web Blog_blogentry_301018_1

2018-10-30#

Zero Trust Notes#

Digitally Trust is a Binary True or False decision. Zero Trust implies there is no Trust.

Trust is a dangerous vulnerability that is exploited by malicious actors.

Trust can not be based on location. There is no trusted network vs un-trusted networks.

We can not be about a "Trusted" device or "trusted" people or a "trusted" network. There has never been any person or device on a network as networks only carry Packets.

Focus instead on Business outcomes:

Think about it like the secret service which it is known:
  • who the president is
  • where the president is
  • who should have access to the president
The president's car is a Micro-Perimeter that has a limited Attack Surface

The adversary today are Devices operated by attackers which do NOT have change control limitations.
How can we compete?

Limit Attack Surface:
Protected Resources should only have one interface to which access can be granted. Network Partitions, with (NGFW) (Layer 2-7 validation) are one method to limit the Attack Surface.
Microservices are another.

Continuous Improvement (which implies Real DevOps)

More Information#

There might be more information for this subject on one of the following: ...nobody