Abstract
Now that we’ve introduced the principles of Zero Trust and examined several models, let’s look at some real-world examples of Zero Trust systems. Two of these—Google’s BeyondCorp and the PagerDuty Zero Trust system—have been publicly described, and are good examples of Zero Trust architectures and systems, implemented internally at two very different enterprises with very different approaches.
Notes
- 1. See https://research.google/pubs/ and search for “BeyondCorp.”
- 2. “BeyondCorp: A New Approach to Enterprise Security,” ;login: December 2014, Vol. 39, No. 6.
- 3. “BeyondCorp: Design to Deployment at Google,” ;login: Spring 2016, Vol. 41, No. 1.
- 4. We discuss NAC and 802.1x later, in Chapter 7.
- 5. Evan Gilman and Doug Barth, Zero Trust Networks (O’Reilly, 2017).
- 6. Initially they used Chef, but later they transitioned this to a separate system.
- 7. One of this book’s co-authors, Jason, is currently Co-chair of the SDP Zero Trust Working Group at the CSA. He joined the working group in 2015, after the publication of the initial specification.
- 8. Software-Defined Perimeter Specification 1.0, Cloud Security Alliance, 2014.
- 9. Software-Defined Perimeter Architecture Guide, Cloud Security Alliance, 2019.
- 10. For an introduction to all the SDP deployment models, see the Software-Defined Perimeter Architecture Guide.
- 11. SDP specifies that using IPSec via IKE with mutual authentication is also acceptable.
- 12. For a fascinating and nuanced analysis of the history of the Internet and its security challenges, we recommend the Washington Post eBook The Threatened Net: How the Web Became a Perilous Place (in particular, Part I). The talented and dedicated people who invented these internetworking protocols deserve tremendous credit for creating something amazing with very limited technology in the 1960s and 1970s. Building in encryption would have been technically impossible, given the limited compute capacity of the time, and even now, 50 years later, there’s no good, general solution to the key distribution problem.
- 13. Here’s just one recent example: www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/.
- 14. SDP uses RFC 4226—HOTP: An HMAC-Based One-Time Password Algorithm: https://tools.ietf.org/html/rfc4226.
- 15.
Copyright information
© 2021 Jason Garbis and Jerry W. Chapman
About this chapter
Cite this chapter
Garbis, J., Chapman, J.W. (2021). Zero Trust in Practice. In: Zero Trust Security. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-6702-8_4
DOI: https://doi.org/10.1007/978-1-4842-6702-8_4
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-6701-1
Online ISBN: 978-1-4842-6702-8
eBook Packages: Professional and Applied Computing, Apress Access Books, Professional and Applied Computing (R0)