Master course in Zero Trust Architecture 2.0
What is Zero Trust Architecture?
Zero trust is when security policy is applied based on context established through least-privileged access controls and strict authentication, not assumed trust. Zero trust architectures simplify network infrastructure, make users happier, and keep cyberthreats at a distance.
Since John Kindervag, then at Forrester Research, coined the phrase, zero trust architectures follow the maxim “never trust, always verify.” To block inappropriate access and lateral movement throughout an environment, zero trust architecture enforces access policies based on context—including the user’s role and location, the device they’re using, and the data they’re asking for.
A zero trust architecture means you know who’s using what, and you can track it, including encrypted traffic; you need to monitor and verify the traffic between parts of the environment; and you need multifactor authentication (MFA) that goes beyond passwords.
An important thing to remember is that in a zero trust architecture, a resource’s location isn’t as important as before. Rather than rigid network segmentation, software-defined microsegmentation protects your data, workflows, services, and such anywhere, in your data center or distributed hybrid or multicloud.
By using a network-centric data security strategy that provides specific access only to those who need it, Zero Trust Architecture focuses on the business needs and functionality of an organization. By enabling parameters to dictate access and restrictions, the Zero Trust model views data security from a whole new perspective. As opposed to legacy networks that have little to no visibility or control over network and data usage, Zero Trust Architectures see all network traffic through segmentation gateways with granular policies governing access to data, apps, and assets. There are certain rules that have to be followed before a resource can be accessed in a Zero Trust network.
The five major topics I want to cover in this master’s course are
1. Zero trust architecture 2.0: introduction and importance
2. A zero trust architecture’s objective, concept, maintenance, and pillars
3. Microsoft, Oracle, and IBM zero trust architecture practices
4. Zero trust architecture design principles and framework
5. Building a zero trust architecture and strategy