O'Reilly logo

Zero Trust Networks by Doug Barth, Evan Gilman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 9. Realizing a Zero Trust Network

This chapter will help readers develop a strategy for taking the knowledge in previous chapters and applying it to their system. Zero trust networks are very likely to be built around existing systems, so this chapter will focus on how to make that transition successfully.

It’s important to remember that zero trust is not a product that can be bolted onto the network. It is a set of architectural principles which are applied based on the needs and constraints of the network. Therefore, this chapter cannot provide a checklist of changes to be made, but rather a framework for how to approach realizing in a zero trust network in your own system.

Choosing Scope

Before setting out to build a zero trust network, it is important to choose the proper scope for the effort. A very mature zero trust network will have many interacting systems. For a large organization, constructing these systems might be feasible, but for smaller organizations, the number and complexity of those systems may make a zero trust network seem out of reach.

It’s important to remember that the zero trust architecture is an ideal to work toward instead of a list of requirements that must be met completely from day one. This is no different than perimeter-based networks. Less mature networks may initially choose a simple network design to reduce the complexity of administration. As the network matures and the risk of a breach increases, the network will need to be redesigned ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required