In the security world, zero trust is the new solution du jour. Whether it’s a firewall, an identity verification solution, or even a basic networking offering, every vendor is pitching zero trust architecture (ZTA) as the cure for all your ills. You’d be forgiven if you’re not exactly certain what all the excitement is about. Even I have trouble figuring it out, and I’m somewhat versed in all the aspects of the pieces.
One person who does know what’s going on is Ethan Banks. He knows the technology and how to explain it in a way that makes sense to those who don’t have their finger right on the pulse of all things secure. He has analyzed what makes zero trust architecture tick, and he’s got a great handle on why it’s different from traditional perimeter security infrastructure. That means knowing where it works and where it doesn’t. It also means figuring out where it can’t possibly work, and using that knowledge when someone tries to sell you a solution that can’t possibly hope to deliver on the hype.
As Ethan puts it in his excellent post:
In this edgeless context, I’ve noticed that ZTA tends to be endpoint-oriented, because that’s where enforcement often needs to happen. Think agents manipulating local host firewalls, for instance. Endpoints are not the only places where security enforcement can happen, however. For example, some zero trust products are proxies, which play architecturally well into the edgeless network concept. You can put a proxy anywhere and point a client at it. Performance when using said proxy is another question, but we don’t need to discuss the speed of light today.
Read more at Ethan’s blog here: A Networking Perspective On Zero Trust Architecture