Difference between revisions of "Zero Trust Architecture"

From MgmtWiki
(Problems)
(Problems)
Line 10: Line 10:
 
* Users have a low level of tolerance for any continued process of Identifying and Authenticating.
 
* Users have a low level of tolerance for any continued process of Identifying and Authenticating.
 
* The US NIST has somehow convinced people that a [[Zero Trust Architecture]] is possible with a good [[User Experience]].<ref>NIST and NCCoE https://www.nccoe.nist.gov/projects/building-blocks/zero-trust-architecture</ref><blockquote> A zero trust architecture leans heavily on components and capabilities for identity management, asset management, application authentication, network segmentation, and threat intelligence. Architecting for zero trust should enhance cybersecurity without sacrificing the user experience. The NCCoE is researching ongoing industry developments in zero trust and its component technologies that support the goals and objectives of a practical, secure, and standards-based zero trust architecture.</blockquote>
 
* The US NIST has somehow convinced people that a [[Zero Trust Architecture]] is possible with a good [[User Experience]].<ref>NIST and NCCoE https://www.nccoe.nist.gov/projects/building-blocks/zero-trust-architecture</ref><blockquote> A zero trust architecture leans heavily on components and capabilities for identity management, asset management, application authentication, network segmentation, and threat intelligence. Architecting for zero trust should enhance cybersecurity without sacrificing the user experience. The NCCoE is researching ongoing industry developments in zero trust and its component technologies that support the goals and objectives of a practical, secure, and standards-based zero trust architecture.</blockquote>
 +
 +
==Solutions==
 +
# Abandon the impossible dream of any trust system that requires no effort by the user and the organization that support that user. Only hard and on-going effort will provide the trusted access that secure resources require.
  
 
==References==
 
==References==
  
 
[[Category: Glossary]]
 
[[Category: Glossary]]
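
Review bot: The added Solutions item has a subject-verb error: "the organization that support that user" should read "supports", and "on-going" is normally written "ongoing". The item also states only what to abandon and names no measure to take in its place. Since the new section is headed Solutions and opens a numbered list (`#`), consider adding the concrete ongoing effort expected of the user and the organization as further items.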

Revision as of 09:35, 3 January 2021

Full Title or Meme

Zero Trust Architecture is a method that starts every interaction with no access and builds up access as the user adds proof of Identity and Authentication to meet the Authorization needs of the Resource sought by the User.

Context

  • Traditionally, user access was granted at the point where the user entered the network, with a protocol like Kerberos. Kerberos was developed by Project Athena at MIT to sort the various components of a research university into buckets, so that trust assigned at the entry point followed the user wherever they went inside the MIT network.
  • In Zero Trust Architecture the user is given full access to the network and then provides such attributes of Identity and Authentication as are needed at each Resource access point. In other words, the Internet.
  • The prevailing sense of Identity experts, like Kim Cameron, is that the lack of an identity layer in the Internet is a defect.
  • In other words, all existing methods focus on access to Resources rather than on User Experience.
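
The contrast drawn in the Context list, as an added example that is not part of the wiki page: a deny-by-default decision evaluated at each Resource, beside the entry-point model. The resource names, proof types, age limits and function names are hypothetical; the prompt counter makes visible the repeated user effort that per-resource checks imply.

```python
from dataclasses import dataclass, field

# Constructed sample policy: resource -> {proof type: maximum age in seconds}.
POLICY = {
    "wiki":    {"password": 8 * 3600},
    "payroll": {"password": 3600, "hardware_key": 300},
}

@dataclass
class Session:
    user: str
    proofs: dict = field(default_factory=dict)  # proof type -> time presented; starts empty
    prompts: int = 0                            # how often the user was asked to act

    def present(self, proof: str, now: int) -> None:
        self.proofs[proof] = now
        self.prompts += 1

def perimeter_decision(authenticated_at_entry: bool, resource: str) -> bool:
    """Entry-point model: one login follows the user to every resource."""
    return authenticated_at_entry and resource in POLICY

def zero_trust_decision(session: Session, resource: str, now: int) -> tuple:
    """Deny by default; return (allowed, proofs that are missing or stale)."""
    required = POLICY.get(resource)
    if required is None:
        return False, []              # no policy for the resource means no access
    needed = sorted(p for p, max_age in required.items()
                    if p not in session.proofs or now - session.proofs[p] > max_age)
    return not needed, needed

def access(session: Session, resource: str, now: int) -> bool:
    """Step up: ask only for the proofs this resource still needs, then re-evaluate."""
    allowed, needed = zero_trust_decision(session, resource, now)
    for proof in needed:
        session.present(proof, now)   # stands in for an interactive challenge
    return zero_trust_decision(session, resource, now)[0]

if __name__ == "__main__":
    s = Session("alice")
    for resource, t in [("wiki", 0), ("payroll", 10), ("payroll", 400), ("wiki", 400)]:
        print(resource, t, access(s, resource, t), "prompts so far:", s.prompts)
```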

Problems

  • Users have a low level of tolerance for any continued process of Identifying and Authenticating.
  • The US NIST has somehow convinced people that a Zero Trust Architecture is possible with a good User Experience.[1]
    A zero trust architecture leans heavily on components and capabilities for identity management, asset management, application authentication, network segmentation, and threat intelligence. Architecting for zero trust should enhance cybersecurity without sacrificing the user experience. The NCCoE is researching ongoing industry developments in zero trust and its component technologies that support the goals and objectives of a practical, secure, and standards-based zero trust architecture.

Solutions

  1. Abandon the impossible dream of any trust system that requires no effort by the user and the organization that supports that user. Only hard and ongoing effort will provide the trusted access that secure resources require.

References

  1. NIST and NCCoE https://www.nccoe.nist.gov/projects/building-blocks/zero-trust-architecture