Zero Trust


Zero Trust Proof-of-Concept

  • 1.  Zero Trust Proof-of-Concept

    Posted Sep 20, 2022 05:41:00 PM
    Hi all

    @Philip Griffiths @Jun Yu thanks for your kind responses to my idea for a PoC and for being willing to expose the results to public scrutiny. Actually it is not a new idea. With Juanita Koilpillai as co-lead author of the publication below, we proposed a proof-of-concept. Nobody took it up. So perhaps this is a chance to discuss. I am happy to set up an initial meeting next week. Software-Defined Perimeter (SDP) and Zero Trust | CSA
    A Zero Trust implementation using Software-Defined Perimeter enables organizations to defend against new variations of old attack methods that are constantly surfacing in existing network and infrastructure perimeter-centric networking models. Implementing SDP improves the security posture of businesses facing the challenge of continuously adapting to expanding attack surfaces that are increasingly more complex.

    ------------------------------
    Nya Murray
    Director
    Trac-Car
    ------------------------------


  • 2.  RE: Zero Trust Proof-of-Concept

    Posted Sep 22, 2022 10:38:00 AM
    @Nya Murray Thanks for taking the lead on this project. Please set up the meeting and let's get this going. I am confident we will be able to show how ZT and data-centric bring a new paradigm.
    Meanwhile, here is a whitepaper on the evolution of ZT architecture and data-centric model.



    ------------------------------
    Jun Yu
    APF Technologies LLC
    ------------------------------



  • 3.  RE: Zero Trust Proof-of-Concept

    Posted Sep 25, 2022 04:25:00 PM
    Following on from the interesting discussion generated by @boris taratine, that is, that there is no such thing as Zero Trust, it is a paradox, I'd like to propose that we develop a Foundation of Trust. This is not a new idea either. Back in 2000, when I was consulting to the Australian Government on Identity Management, Certificate Authorities were proposed as the basis for Identity Federation across organisations. Well, that did not happen. Identity Management drifted through LDAP to Single Sign On, while network security see-sawed through network- and application-layer VPN, to private MPLS, to shoring up TLS, while various tokens emerged such as IKE and SAML.

    So why am I telling you this story? BECAUSE NONE OF IT WORKED FROM A SECURITY PERSPECTIVE. I adopted Albert Einstein as my mentor in high school. After all, he was a product of a Swiss education system that was in part founded by my Swiss ancestors. "We cannot solve our problems with the same thinking we used when we created them." The Parable of Quantum Insanity.
    1. It is impossible to authenticate every access from a Zero Trust perspective.
    2. Current thinking is that we take a risk-based approach to allowing access to sensitive systems, particularly personal and financial data (because lucrative data is the target of cyber criminals, as their motivation is money) and essential services such as energy, water and food logistics (for obvious reasons in a time of insane nationalism).
    In parallel with current thinking on 'Zero Trust', namely that we require a view of current and emerging technology paradigms for Identity, Device, Network, Application Workload and Data, and all the complex interactions and dependencies between those non-exclusive categories, which is being initiated by CSA, I propose the following:

    Establishment of a Foundation of Trust, based on best practice AND least risk probability.  The Foundation of Trust would be a practical demonstration of Use Case example