# Protect resources (assets, services, workflows, and network accounts), not network segments.
# Trust is a vulnerability.
# Enforce least privilege.<ref>[https://www.beyondtrust.com/blog/entry/what-is-least-privilege What is least privilege, Beyond Trust]</ref>
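The three principles above describe what a policy decision point (PDP) has to do on every request: identify the resource, ignore where the request comes from on the network, grant only the actions the policy explicitly lists, and re-check context (MFA, device posture) each time. The following is an added illustration written for this page, not code from any of the cited sources or from a zero-trust product; the users, devices, resources, policy and the ''PDP unavailable'' handling are all constructed for the example.

```python
"""Minimal policy decision point (PDP) showing zero-trust evaluation.

Added example for this page, not code from the cited sources. All users,
devices, resources and policy entries below are constructed placeholders.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple


@dataclass(frozen=True)
class Request:
    subject: str      # authenticated identity, or "" if none was presented
    device_id: str    # device making the request
    mfa: bool         # whether the session completed MFA
    source_ip: str    # logged for context only; never grants access by itself
    resource: str     # asset, service or workflow being accessed
    action: str       # e.g. "read", "write", "admin"


# Constructed device inventory; posture is re-evaluated on every request.
DEVICES = {
    "laptop-42": {"owner": "alice", "compliant": True},
    "laptop-77": {"owner": "bob", "compliant": False},
}

# Constructed policy: each resource names exactly which subjects may perform
# which actions (least privilege) and which context conditions must hold.
POLICY = {
    "payroll-db": {
        "allow": {"alice": {"read"}, "hr-svc": {"read", "write"}},
        "require_mfa": True,
        "require_compliant_device": True,
    },
    "wiki": {
        "allow": {"alice": {"read", "write"}, "bob": {"read"}},
        "require_mfa": False,
        "require_compliant_device": True,
    },
}

# The "internal" range exists only so the example can show it grants nothing.
CORPORATE_NET = ip_network("10.0.0.0/8")


def decide(req: Request, policy=POLICY, devices=DEVICES) -> Tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    rule = policy.get(req.resource)
    if rule is None:
        return False, "unknown resource: default deny"
    if not req.subject:
        # Being on the corporate network is not an identity.
        on_lan = ip_address(req.source_ip) in CORPORATE_NET
        return False, f"no authenticated subject (on corporate net: {on_lan})"
    granted = rule["allow"].get(req.subject, set())
    if req.action not in granted:
        return False, f"{req.subject} is not granted '{req.action}' on {req.resource}"
    if rule["require_mfa"] and not req.mfa:
        return False, "MFA required for this resource"
    device = devices.get(req.device_id)
    if device is None:
        return False, "unknown device"
    if device["owner"] != req.subject:
        return False, "device not registered to subject"
    if rule["require_compliant_device"] and not device["compliant"]:
        return False, "device fails posture check"
    return True, "explicitly permitted by policy"


def decide_or_fail_closed(req: Request, pdp_available: bool) -> Tuple[bool, str]:
    """An enforcement point that cannot reach the PDP must deny, not fall back
    to the old network-based trust."""
    if not pdp_available:
        return False, "PDP unavailable: fail closed"
    return decide(req)


if __name__ == "__main__":
    samples = [
        Request("alice", "laptop-42", True, "203.0.113.5", "payroll-db", "read"),
        Request("alice", "laptop-42", False, "10.1.2.3", "payroll-db", "read"),
        Request("", "laptop-42", False, "10.1.2.3", "wiki", "read"),
        Request("bob", "laptop-77", True, "10.1.2.4", "wiki", "read"),
        Request("alice", "laptop-42", True, "203.0.113.5", "payroll-db", "write"),
    ]
    for r in samples:
        print(r.subject or "<anon>", r.resource, r.action, "->", decide(r))
```

Note that the request from inside `CORPORATE_NET` without an identity is denied exactly like one from the Internet, and that a compliant device is a per-request condition rather than a one-time enrolment: the same user is refused from a non-compliant device.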
==History==
|-
| Improved monitoring || Dependence on the policy decision point
|-
| || Technical debt: redesigning, recoding, and redeploying internal applications can be costly and potentially disruptive
|-
| || Legacy applications, infrastructure, and operating systems have no concept of least privilege, lateral movement, or dynamic, context-based authentication models
|-
| || Peer-to-peer (P2P)/mesh network technologies (used in Windows 10, for instance) do not work with access and microperimeter controls.
|-
| || Large deployments of a zero-trust model, such as that needed for [[Cloud Computing|Cloud]], DevOps, and [[IoT]], are going to be cost-prohibitive.<ref>[https://www.beyondtrust.com/blog/entry/why-zero-trust-is-an-unrealistic-security-model Why Zero Trust is an Unrealistic Security Model, Beyond Trust]</ref>