Line 6: |
Line 6: |
| # Protect resources (assets, services, workflows, and network accounts), not network segments. | | # Protect resources (assets, services, workflows, and network accounts), not network segments. |
| # Trust is a vulnerability. | | # Trust is a vulnerability. |
| + | # least privilege<ref>[https://www.beyondtrust.com/blog/entry/what-is-least-privilege What is least privilege, Beyond Trust]</ref> |
| | | |
| ==History== | | ==History== |
− | Zero Trust was created by [[John Kindervag]], while he was vice president and principal analyst at [[Forrester Research]].<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref> | + | Zero Trust was created by [[John Kindervag]], while he was vice president and principal analyst at [[Forrester Research]].<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref> The COVID-19 Pandemic expedited the development and deployment of zero trust architectures.<ref>[https://finance.yahoo.com/news/zero-trust-security-market-size-113000164.html Zero Trust Security Market, Yahoo Finance]</ref> |
| | | |
| ==Zero Trust Architecture== | | ==Zero Trust Architecture== |
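Review bot: the added list item "# least privilege" is a lowercase noun phrase, while the two items above it are complete statements ending in a period ("Trust is a vulnerability."). Reword it to match, for example "# Enforce least privilege.", and keep the ref attached. In the History paragraph, the added COVID-19 sentence rests on a single reference titled "Zero Trust Security Market" on Yahoo Finance; say in the text that this is a market-report claim rather than stating it in the article's own voice, and lowercase "Pandemic".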
Line 65: |
Line 66: |
| |- | | |- |
| | Improved monitoring || Dependence on the policy decision point | | | Improved monitoring || Dependence on the policy decision point |
| + | |- |
| + | | || Technical Debt (Redesigning, recoding, and redeploying internal applications can be costly and potentially disruptive) |
| + | |- |
| + | | || Legacy applications, infrastructure, and operating systems have no concept of least privilege, lateral movement, or dynamic, context-based authentication models |
| + | |- |
| + | | || Peer-to-peer (P2P)/mesh network technologies (used in Windows 10, for instance) do not work with access and microperimeter controls. |
| + | |- |
| + | | || Large deployments of a zero-trust model, such as that needed for [[Cloud Computing|Cloud]], DevOps, and [[IoT]], are going to be cost-prohibitive.<ref>[https://www.beyondtrust.com/blog/entry/why-zero-trust-is-an-unrealistic-security-model Why Zero Trust is an Unrealistic Security Model, Beyond Trust]</ref> |
| |} | | |} |
| | | |
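Review bot: of the four added rows, only the last one ("Large deployments of a zero-trust model ...") carries a ref; the Technical Debt, legacy applications and P2P/mesh rows have no source. If all four come from the cited Beyond Trust post, attach the same reference to each row, otherwise source them separately. The last row's "are going to be cost-prohibitive" is a prediction taken from a post titled "Why Zero Trust is an Unrealistic Security Model", so attribute it to that source instead of asserting it as fact. The P2P row's "do not work with access and microperimeter controls" is likewise stated as an absolute and needs either its own citation or softer wording.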