Zero trust network

What is Zero Trust Security

Zero Trust is a network security concept created by John Kindervag, a security analyst at Forrester Research, based on the realization that traditional security models operate on the outdated assumption that everything inside an organization's network should be trusted.

Traditional security model – trust, but verify

Zero trust model – never trust, always verify

Commercial zero trust network solutions

Microsoft https://www.microsoft.com/en-us/security/business/zero-trust

Cisco https://www.cisco.com/c/en_ca/products/security/zero-trust.html

Palo Alto https://www.paloaltonetworks.com/network-security/zero-trust

Cloudflare https://www.cloudflare.com/en-ca/learning/security/glossary/what-is-zero-trust/

What makes zero trust network different

1 There is no trust zone: every single access request goes through a trust/security engine (most of them based on commercial solutions)

2 Default-deny access control (a whitelist of explicitly allowed access) rather than a blacklist

3 Does not rely on the security perimeter, although a traditional security perimeter is usually still deployed

Commercial zero trust solutions are not the solution for small businesses

1 The security solution is bundled with the vendor's services (service bonding), which may not suit a small business

2 Heavily based on edge security appliances/systems

How to deploy a zero trust network without dedicated security solutions/appliances

1 Convert the layered security perimeter into flat micro-service boundaries

2 All network access requires MFA-based access control
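The following is an added example, not code from the original page or from any of the vendors listed above. It shows, in one small policy engine, the three properties listed under "What makes zero trust network different" and the two deployment steps just above: every request passes through the engine (no trust zone), each micro-service keeps its own default-deny allow list, the source IP is recorded but never grants trust, and MFA is required on every access. The service names, principals and IP addresses are constructed sample values.

```python
"""Minimal zero-trust policy engine (added illustration, not the page's code).

Properties demonstrated:
  - no trust zone: every request is evaluated, regardless of where it came from
  - default deny: a service allows only (principal, action) pairs it lists
  - no perimeter reliance: source_ip is logged for audit but never used for trust
  - MFA on every access: a request without a verified MFA factor is denied
"""

from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample: each micro-service boundary owns its allow list
# (whitelist) of (principal, action). Anything not listed is denied.
SERVICE_POLICY: Dict[str, Set[Tuple[str, str]]] = {
    "billing-api": {("alice@example.com", "read"), ("alice@example.com", "write")},
    "hr-api": {("bob@example.com", "read")},
}


@dataclass(frozen=True)
class AccessRequest:
    principal: str      # authenticated identity ("" if unauthenticated)
    service: str        # target micro-service
    action: str         # requested operation
    mfa_verified: bool  # did this session complete MFA?
    source_ip: str      # recorded for audit only; never a trust input


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


AUDIT_LOG: List[str] = []


def evaluate(req: AccessRequest) -> Decision:
    """Evaluate one request. Every path that is not an explicit allow is a deny."""
    if not req.principal:
        decision = Decision(False, "unauthenticated")
    elif not req.mfa_verified:
        decision = Decision(False, "mfa required")
    else:
        # Unknown service -> empty allow list -> deny (default deny).
        allowed = SERVICE_POLICY.get(req.service, set())
        if (req.principal, req.action) in allowed:
            decision = Decision(True, "allowed")
        else:
            decision = Decision(False, "not on allow list")

    # Audit record keeps the source IP for investigation, even though it played
    # no part in the decision. Useful for detecting, e.g., internal-network
    # requests that fail MFA, which a perimeter model would have waved through.
    AUDIT_LOG.append(
        f"{req.source_ip} {req.principal or '-'} {req.service}:{req.action} "
        f"-> {'ALLOW' if decision.allowed else 'DENY'} ({decision.reason})"
    )
    return decision


def run_demo() -> List[Decision]:
    """Constructed requests covering the interesting cases; returns the decisions."""
    requests = [
        # "internal" address, no MFA: a perimeter model trusts this, zero trust does not
        AccessRequest("alice@example.com", "billing-api", "write", False, "10.0.0.5"),
        # external address, MFA done, on the allow list: allowed
        AccessRequest("alice@example.com", "billing-api", "write", True, "203.0.113.5"),
        # valid user and MFA, but this service never listed them: denied
        AccessRequest("bob@example.com", "billing-api", "read", True, "10.0.0.6"),
        # service with no policy at all: denied by default
        AccessRequest("alice@example.com", "unknown-api", "read", True, "10.0.0.5"),
        # no identity at all
        AccessRequest("", "hr-api", "read", True, "198.51.100.9"),
    ]
    return [evaluate(r) for r in requests]


if __name__ == "__main__":
    for d in run_demo():
        print(d)
    print("\n".join(AUDIT_LOG))
```

The point of `source_ip` being present but unused is the whole shift the page describes: location on the network is an audit attribute, not a credential, so the first demo request from 10.0.0.5 is denied for missing MFA exactly as an external one would be.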