Caute_cautim
Community Champion

Zero Trust is coming - are you prepared?

Hi All

 

An interesting piece by an Australian Technology Journalist, he has the right idea, but full of myths and half truths as usual.

 

https://ia.acs.org.au/content/ia/article/2021/zero-clue-about-zero-trust--.html?ref=newsletter

 

Regards

 

Caute_Cautim

 

 

21 Replies
Caute_cautim
Community Champion

@mgorman   I agree.  

 

One way to look at it is to refer back to the famous story from Rudyard Kipling, 1902 - The Elephant's Child.   One of the most famous lines is about the following:

"I Keep Six Honest Serving Men

I KEEP six honest serving-men
(They taught me all I knew);
Their names are What and Why and When 
And How and Where and Who."

 

Asking those important questions, What, Why, When, How, Where and Who, every time will give you full context.

 

https://sergiocaredda.eu/inspiration/i-keep-six-honest-serving-men-a-poem-by-rudyard-kipling/

 

Regards

 

Caute_cautim

 


 

LiuHuasong
Newcomer I


@Caute_cautim wrote:

@mgorman   Well, ZTNA is a myth; it is a construct invented by Gartner, and it only illustrates one Use Case, protecting remote workers - there are currently about 43 Use Cases available. 

 

The term ZTNA was never part of the original Zero Trust principles.

 

Rather like another well known vendor stating they have Trusted Access, if you cannot trust anyone, anything, how can you have trusted access?

 

Regards

 

Caute_Cautim



"Zero Trust" is not a good term; think about it literally and logically, then it's just a BUZZ word.

We need Precise Trust or Fine Grained Trust or some clear term, then lead to "More Trust", not the "Zero Trust" confusion.

Caute_cautim
Community Champion

@LiuHuasong    I disagree, "Trust" by itself is just a term, which can be interpreted in many ways through legal such as "Trusts" as a concept.   Trust by itself is a philosophical condition, both human and very open to misinterpretation.  

 

But if you add terms such as Explicit Trust or Implicit Trust, it represents a scale as to the extent a human being intuitively feels safe or protected. 

 

Zero Trust is not a buzz word - look at the original term invented by John Kindervag.  It is an architecture, hence the name Zero Trust Architecture; it is a framework, a concept, a construct.

 

https://www.youtube.com/watch?v=0GbqUxBYvyo

 

Go back to the original key resources including those from NIST and the released DoD Architecture framework, ignore the myths and misinterpretations.  

 

Regards

 

Caute_cautim

 

Caute_cautim
Community Champion

Hi All

 

I came across an interesting book, if you are interested in reading over Christmas: 

 

https://www.amazon.com/Zero-Trust-Security-Enterprise-Guide/dp/148426701X#customerReviews

 

Also available on Kindle too:

 

Or if you have an organisation which allows you access to O'Reilly, there is also a link to it:

 

https://learning.oreilly.com/library/view/zero-trust-security/9781484267028/

 

I would be interested to see what people think of it and its approach. 

 

Plus of course 8 hours plus of CPDs available too to booster up the certification.

 

Regards

 

Caute_Cautim

Caute_cautim
Community Champion

@mgorman "John Kindervag, then an analyst at Forrester Research, in 2010 coined the phrase “Zero Trust” to describe the security model that organizations should not automatically trust anything outside or inside their perimeters, and instead must verify everything and anything before connecting them to their systems and granting access to their data."

 

The above is what is meant by Zero Trust, not the re-interpretation by many others.  As stated previously, always go back to the original source and verify for yourselves.

 

Regards

 

Caute_Cautim

Caute_cautim
Community Champion

There is a great deal more interest in Zero Trust and Zero Trust Architecture (ZTA):

 

For instance the National Cyber Security Centre (NCSC) for UK provided the start of this very interesting series of blogs, which you may find interesting:

 

https://www.ncsc.gov.uk/blog-post/zero-trust-is-it-right-for-me

 

https://publications.opengroup.org/g21f

 

The Zero Trust Commandments presented in this document build on the Zero Trust Core principles.

 

Those of you who are members of the Open Group will have access to this document for review purposes.

 

Regards

 

Caute_Cautim

 

 

 

 

 

 

 

 

Caute_cautim
Community Champion

It appears that even 2022 predictions are now stating that Zero Trust Architecture and approach will lead to a 144% increase in efficacy. 

 

https://venturebeat.com/2021/11/26/report-zero-trust-architecture-is-expected-to-increase-cybersecur...

 

https://venturebeat.com/2021/06/26/7-keys-to-evaluating-zero-trust-security-frameworks/

 

Some interesting comments arising on the subject.

 

Regards

 

Caute_Cautim

 

 

csjohnng
Community Champion

interesting.. 144%

John
Caute_cautim
Community Champion

Hi All

 

To add to the reasons why we need to take on Zero Trust and fight Log4J, given it is likely to be with us for years!!  Yes, years, so buried and embedded this issue is within current systems:

 

https://www.cio.com/article/302868/why-the-log4j-vulnerability-makes-endpoint-visibility-and-zero-tr...

Regards

 

Caute_Cautim

CJM
Newcomer I

Great article - credible sources and references.