Underlay


What Is A Zero Trust Network Architecture

October 28, 2020

Every few years the industry takes a significant step towards a more holistic and capable security model. At the beginning, everything and everyone was trusted, and for good reason. You knew every operator and every machine that was connected to the network. But as networks have become ubiquitous, that level of trust is simply unreasonable. So we’ve built firewalls, and differing levels of inspection, but all of these tools still allow for some implicit level of trust between a machine and the machines closest to it. That is changing, and that is what we’re here to talk about today. The newest trend in security is the concept of zero trust, and while it’s suffering the common plight of any new trend with multiple vendors trying to shape the definition, removing implicit trust in our networks is the next logical step towards a truly secure infrastructure.

Additional Resources

NIST Special Publication 800-207

Takes a pragmatic approach
Probably the best doc on zero trust arch today
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207-draft2.pdf

Gilman, E., Barth, D. (2017). Zero Trust Networks: Building Secure Systems in Untrusted Networks. Sebastopol, CA: O’Reilly Media.

This is a great book on implementing zero trust in a cloud native application environment.

No More Chewy Centers: Introducing The Zero Trust Model Of Information Security

The rosetta stone of zero trust
https://media.paloaltonetworks.com/documents/Forrester-No-More-Chewy-Centers.pdf

Kindervag, J. (2010). Build Security Into Your Network’s DNA: The Zero Trust Network Architecture

Good doc for understanding the logic of the big honking firewall
http://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf

Network Collective thanks NVIDIA for sponsoring today’s episode. NVIDIA is positioned as the leader in open networking and provides end-to-end solutions at all layers of the software and hardware stack. You can experience NVIDIA Cumulus in the Cloud for free! Head on over to https://cumulusnetworks.com/ncpod to see what a modern open network operating system looks like for yourself.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/