microsegment.io

segment all the things

ACT-IAC on Zero Trust trends

The American Council for Technology-Industry Advisory Council (ACT-IAC), a non-commercial organisation for creating a more innovative government, published a paper on Zero Trust.

I would recommend this paper for anybody remotely thinking about Zero Trust, be it because you are starting to think about introducing it or because it is just one of those trends that you want to catch up on.

There is a huge amount of truth and knowledge in this document and it does not have any marketing in it. I read it and thought this is sound advice for anyone who looks to improve their security posture with the ultimate, long-term Zero Trust goal in mind.


Ideas on segmentation metrics (part one)

What you measure is what you get

If you are like me and live and breathe IT or IT security, the above statement probably does not ring a bell and you don’t realize the source of this. It is from a person called Robert S. Kaplan, who developed something you may have heard of: the balanced scorecard.

I will not dig into economics, because we are not in business school, but the essence of the scorecard is that you need metrics against which you can measure success or failure in order to be successful or to reach your objectives.


A short history of segmentation

The ethernet timeline

Let’s start by quoting Wikipedia on what network segmentation is according to an encyclopedia.

Network segmentation in computer networking is the act or practice of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security.

How did this start?

First ethernet draft

Some of the readers might actually be old enough to remember how local area networks started out in the early 90s.


A collection of zero trust resources

Work in progress

This list is a work in progress. If you have suggestions on what to add, please add a comment below or drop me a mail or note.

The origins

Zero Trust is not exactly a new idea, but a name for an architecture that takes least privilege as the first design principle and assumes nothing can be trusted. I am not sure who established the category at this moment, but it seems Google and Forrester Research have both been working on this. John Kindervag (@kindervag) originally published the model in 2010. That paper is still valid 9 years after the first publication and it shows great foresight and vision. Kudos to that.


Visualization of an attack in a Zero Trust Network

Video by Forrester Research