@mgorman I agree.
One way to look at it is to refer back to the famous story from Rudyard Kipling, 1902 - The Elephant's Child. One of the most famous lines is about the following:
"I KEEP six honest serving-men
(They taught me all I knew);
Their names are What and Why and When
And How and Where and Who."
Asking those important questions, What, Why, When, How, Where and Who, every time will give you full context.
@mgorman Well, ZTNA is a myth; it is a construct invented by Gartner, and it only illustrates one Use Case, the protecting of remote workers - there are currently about 43 Use Cases available.
The term ZTNA was never part of the original Zero Trust principles.
Rather like another well-known vendor stating they have Trusted Access: if you cannot trust anyone, anything, how can you have trusted access?
"Zero Trust" is not a good term; think about it literally and logically, then it's just a BUZZ word.
We need Precise Trust or Fine Grained Trust or some clear term, which then leads to "More Trust", not the "Zero Trust" confusion.
@LiuHuasong I disagree, "Trust" by itself is just a term, which can be interpreted in many ways through legal such as "Trusts" as a concept. Trust by itself is a philosophical condition, both human and very open to misinterpretation.
But if you add terms such as Explicit Trust or Implicit Trust, that represents a scale as to the extent a human being feels, intuitively, safe or protected.
Zero Trust is not a buzz word - look at the original term invented by John Kindervag. It is an architecture, hence the name Zero Trust Architecture; it is a framework, a concept, a construct.
Go back to the original key resources including those from NIST and the released DoD Architecture framework, ignore the myths and misinterpretations.
I came across an interesting book, if you are interested in reading over Christmas:
Also available on Kindle too:
Or if you have an organisation which allows you access to O'Reilly, there is also a link to it:
I would be interested to see what people think of it and its approach.
Plus of course 8 hours plus of CPDs available too to boost the certification.
@mgorman "John Kindervag, then an analyst at Forrester Research, in 2010 coined the phrase “Zero Trust” to describe the security model that organizations should not automatically trust anything outside or inside their perimeters, and instead must verify everything and anything before connecting them to their systems and granting access to their data."
The above is what is meant by Zero Trust, not the re-interpretation by many others. As stated previously, always go back to the original source and verify for yourselves.
There is a great deal more interest in Zero Trust and Zero Trust Architecture (ZTA):
For instance, the National Cyber Security Centre (NCSC) for the UK provided the start of this very interesting series of blogs, which you may find interesting:
The Zero Trust Commandments presented in this document build on the Zero Trust Core principles.
Those of you who are members of the Open Group will have access to this document for review purposes.
It appears that even 2022 predictions are now stating that Zero Trust Architecture and approach will lead to a 144% increase in efficacy.
Some interesting comments arising on the subject.