Work in progress

This list is work in progress, if you have suggestions on what to add, please add a comment below or drop me a mail or note.

The origins

Zero Trust is not exactly a new idea, but a name for a architecture that takes least privilege as the first design principle and assumes nothing can be trusted. I am not sure who established the category at this moment, but it seems Google and Forrester Research have both been working on this. John Kindervag (@kindervag) originally published the model in 2010. That paper is still valid 9 years after the first publication and it shows great foresight and vision. Kudos to that.

The first Zero Trust Network that is mentioned and had a public appearance and serves as a blueprint for many of the people that want to build one is Googles Beyond Corp, a design and framework that shifts access controls from the perimeter.

• Forresters original paper by John Kindervag
• Beyond Corp Startpage

Books and papers

There are not many books that deal with Zero Trust, but there is the book that talks about the framework and building blocks in great detail and is a fun read too.

• Zero Trust Networks
• Zero Trust Architecture NIST 800-207

Analysts

Forrester published their Zero Trust eXtended wave late 2018, it is a great read and you will likely find the report best by looking at some of the mentioned vendors webpages and get them through them.

• The Forrester Zero Trust eXtended (ZTX) Ecosystem Providers Q4/2018

Videos

A great talk by Paul Simmonds about Zero Trust and what it is (and is not).

John Kindervag about Zero Trust, around 2012, this is in essence the above mentioned paper published in 2010

Links

• Beyond Corp
• Pomeriums list of resources
• Beyond Corp for the rest of us by Duo Security
• ACT IAC on Zero Trust trends

Building Zero Trust Networks with Office365. Focussing a lot on conditional access.

• O365 Zero Trust architecture