Hi All
An interesting piece by an Australian technology journalist; he has the right idea, but it is full of myths and half-truths as usual.
https://ia.acs.org.au/content/ia/article/2021/zero-clue-about-zero-trust--.html?ref=newsletter
Regards
Caute_Cautim
@mgorman I agree.
One way to look at it is to refer back to the famous story from Rudyard Kipling, 1902 - The Elephant's Child. One of the most famous lines is the following:
"I KEEP six honest serving-men
(They taught me all I knew);
Their names are What and Why and When
And How and Where and Who."
Asking those important questions (What, Why, When, How, Where and Who) every time will give you full context.
https://sergiocaredda.eu/inspiration/i-keep-six-honest-serving-men-a-poem-by-rudyard-kipling/
Regards
Caute_cautim
@Caute_cautim wrote: @mgorman Well, ZTNA is a myth; it is a construct invented by Gartner, and it only illustrates one Use Case, protecting remote workers - there are currently about 43 Use Cases available.
The term ZTNA was never part of the original Zero Trust principles.
Rather like another well-known vendor stating they have Trusted Access: if you cannot trust anyone or anything, how can you have trusted access?
Regards
Caute_Cautim
"Zero Trust" is not a good term; think about it literally and logically and then it's just a BUZZ word.
We need Precise Trust or Fine-Grained Trust or some clear term that then leads to "More Trust", not the "Zero Trust" confusion.
@LiuHuasong I disagree. "Trust" by itself is just a term, which can be interpreted in many ways, including legally, such as "Trusts" as a concept. Trust by itself is a philosophical condition, both human and very open to misinterpretation.
But adding terms such as Explicit Trust or Implicit Trust represents a scale as to the extent to which a human being intuitively feels safe or protected.
Zero Trust is not a buzz word - look at the original term invented by John Kindervag. It is an architecture, hence the name Zero Trust Architecture; it is a framework, a concept, a construct.
https://www.youtube.com/watch?v=0GbqUxBYvyo
Go back to the original key resources including those from NIST and the released DoD Architecture framework, ignore the myths and misinterpretations.
Regards
Caute_cautim
Hi All
I came across an interesting book, if you are interested in reading over Christmas:
https://www.amazon.com/Zero-Trust-Security-Enterprise-Guide/dp/148426701X#customerReviews
Also available on Kindle too:
Or if you have an organisation which allows you access to O'Reilly, there is also a link to it:
https://learning.oreilly.com/library/view/zero-trust-security/9781484267028/
I would be interested to see what people think of it and its approach.
Plus, of course, 8 hours plus of CPDs available too to boost the certification.
Regards
Caute_Cautim
@mgorman "John Kindervag, then an analyst at Forrester Research, in 2010 coined the phrase “Zero Trust” to describe the security model that organizations should not automatically trust anything outside or inside their perimeters, and instead must verify everything and anything before connecting them to their systems and granting access to their data."
The above is what is meant by Zero Trust, not the re-interpretation by many others. As stated previously, always go back to the original source and verify for yourselves.
Regards
Caute_Cautim
There is a great deal more interest in Zero Trust and Zero Trust Architecture (ZTA):
For instance, the National Cyber Security Centre (NCSC) for the UK provided the start of this very interesting series of blogs, which you may find interesting:
https://www.ncsc.gov.uk/blog-post/zero-trust-is-it-right-for-me
https://publications.opengroup.org/g21f
The Zero Trust Commandments presented in this document build on the Zero Trust Core principles.
Those of you who are members of the Open Group will have access to this document for review purposes.
Regards
Caute_Cautim
It appears that even 2022 predictions are now stating that Zero Trust Architecture and approach will lead to a 144% increase in efficacy.
https://venturebeat.com/2021/06/26/7-keys-to-evaluating-zero-trust-security-frameworks/
Some interesting comments arising on the subject.
Regards
Caute_Cautim
interesting.. 144%
Hi All
To add to the reasons why we need to take on Zero Trust and fight Log4J, given it is likely to be with us for years!! Yes, years, so buried and embedded this issue is within current systems:
Regards
Caute_Cautim