Zero Trust in Practice

Garbis, Jason; Chapman, Jerry W.

doi:10.1007/978-1-4842-6702-8_4

Jason Garbis³ &
Jerry W. Chapman⁴

2673 Accesses
3 Altmetric

Abstract

Now that we’ve introduced the principles of Zero Trust and examined several models, let’s look at some real-world examples of Zero Trust systems. Two of these—Google’s BeyondCorp and the PagerDuty Zero Trust system—have been publicly described, and are good examples of Zero Trust architectures and systems, implemented internally at two very different enterprises with very different approaches.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

eBook: USD 16.99; Price excludes VAT (USA)

Softcover Book: USD 16.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
See https://research.google/pubs/ and search for “BeyondCorp.”
2.
“BeyondCorp: A New Approach to Enterprise Security,”;login: December 2014, Vol. 39, No. 6
3.
BeyondCorp: Design to Deployment at Google, :login; Spring 2016 Vol. 41, No. 1.
4.
We discuss NAC and 802.1x later, in Chapter 7.
5.
Evan Gilman and Doug Barth, Zero Trust Networks (O’Reilly, 2017)
6.
Initially they used Chef, but later they transitioned this to a separate system.
7.
One of this book’s co-authors, Jason, is currently Co-chair of the SDP Zero Trust Working Group at the CSA. He joined the working group in 2015, after the publication of the initial specification.
8.
Software-Defined Perimeter Specification 1.0, Cloud Security Alliance, 2014
9.
Software-Defined Perimeter Architecture Guide, Cloud Security Alliance, 2019
10.
For an introduction to all the SDP deployment models, see the Software-Defined Perimeter Architecture Guide.
11.
SDP specifies that using IPSec via IKE with mutual authentication is also acceptable.
12.
For a fascinating and nuanced analysis of the history of the Internet and its security challenges, we recommend the Washington Post eBook The Threatened Net: How the Web Became a Perilous Place (in particular, Part I). The talented and dedicated people who invented these internetworking protocols deserve tremendous credit for creating something amazing with very limited technology in the 1960s and 1970s. Building in encryption would have been technically impossible, given the limited compute capacity of the time, and even now, 50 years later, there’s no good, general solution to the key distribution problem.
13.
Here’s just one recent example: www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/.
14.
SDP uses RFC 4226—HOTP: An HMAC-Based One-Time Password Algorithm: https://tools.ietf.org/html/rfc4226.
15.
See www.cipherdyne.org/blog/2012/09/single-packet-authorization-the-fwknop-approach.html.

Author information

Authors and Affiliations

Boston, MA, USA
Jason Garbis
Atlanta, GA, USA
Jerry W. Chapman

Authors

Jason Garbis
View author publications
You can also search for this author in PubMed Google Scholar
Jerry W. Chapman
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Garbis, J., Chapman, J.W. (2021). Zero Trust in Practice. In: Zero Trust Security. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-6702-8_4

Download citation

DOI: https://doi.org/10.1007/978-1-4842-6702-8_4
Published: 27 February 2021
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-6701-1
Online ISBN: 978-1-4842-6702-8
eBook Packages: Professional and Applied ComputingApress Access BooksProfessional and Applied Computing (R0)

Publish with us

Policies and ethics