14,932
edits
Changes
→Advantages & Complications
# Protect resources (assets, services, workflows, and network accounts), not network segments.
# Protect resources (assets, services, workflows, and network accounts), not network segments.
# Trust is a vulnerability.
# Trust is a vulnerability.
# least privilege<ref>[https://www.beyondtrust.com/blog/entry/what-is-least-privilege What is least privilege, Beyond Trust]</ref>
==History==
==History==
Zero Trust was created by [[John Kindervag]], while he was vice president and principal analyst at [[Forrester Research]].<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref>
Zero Trust was created by [[John Kindervag]], while he was vice president and principal analyst at [[Forrester Research]].<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref> The COVID-19 Pandemic expedited the development and deployment of zero trust architectures.<ref>[https://finance.yahoo.com/news/zero-trust-security-market-size-113000164.html Zero Trust Security Market, Yahoo Finance]</ref>
==Zero Trust Architecture==
==Zero Trust Architecture==
|-
|-
| Improved monitoring || Dependence on the policy decision point
| Improved monitoring || Dependence on the policy decision point
|-
| || Technical Debt (Redesigning, recoding, and redeploying internal applications can be costly and potentially disruptive)
|-
| || Legacy applications, infrastructure, and operating systems have no concept of least privilege, lateral movement, or dynamic, context-based authentication models
|-
| || Peer-to-peer (P2P)/mesh network technologies (used in Windows 10, for instance) do not work with access and microperimeter controls.
|-
| || Large deployments of a zero-trust model, such as that needed for [[Cloud Computing|Cloud]], DevOps, and [[IoT]], are going to be cost-prohibitive.<ref>[https://www.beyondtrust.com/blog/entry/why-zero-trust-is-an-unrealistic-security-model Why Zero Trust is an Unrealistic Security Model, Beyond Trust]</ref>
|}
|}