Zero Trust Networking (ZTN): don’t trust anything


John Kindervag, then an analyst at Forrester Research, introduced the Zero Trust model in 2010. The focus at the time was largely on the application layer. When I heard that Sorell Slaymaker of Techvision Research was pushing the idea at the network level, I couldn’t resist giving him a call to discuss the general principles of Zero Trust Networking (ZTN). During the conversation he shed light on a number of points about Zero Trust Networking, some well known and some less so, that could prove useful to anyone.

Traditional networking started from static domains. The classical network model divided clients and users into two groups, trusted and untrusted: the trusted were those inside the internal network, and the untrusted were everyone outside it, whether mobile users or partner networks. To turn an untrusted user into a trusted one, you would typically have them reach the internal network over a virtual private network (VPN), at which point they inherited the same trust as anyone else already inside.

The internal network was then divided into a number of segments. A typical flow entered the demilitarized zone (DMZ) for inspection, and from there access could be gained to internal resources: users were granted access to the presentation layer, the presentation layer communicated with the application layer, and the application layer in turn accessed the database layer. The result was an architecture dominated by north-south traffic, meaning most traffic entered and left the data center through the perimeter.

Virtualization changed this picture because of its impact on traffic flows. There were now large numbers of applications inside the data center that needed to communicate with one another, which created a new class of traffic, known as east-west. The problem for the traditional model is that its controls sit at the perimeter and at segment boundaries: traffic between two workloads in the same segment never crosses an inspection point, so east-west flows get no protection at all.
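To make the gap concrete, here is an added illustration (not code from the original post or from Techvision Research) that models the two enforcement styles side by side. The hosts, segments, ports and rule sets are constructed sample data: a zone-based policy that is only consulted when a flow crosses a segment boundary, and a per-workload allow-list that is consulted for every flow regardless of where the endpoints sit.

```python
"""Zone-based perimeter policy versus per-workload (zero trust) policy.

Added illustration for this post, not code from the original article.
Every host name, zone, port and rule below is constructed sample data.
"""
from dataclasses import dataclass

# Constructed inventory: which segment each endpoint sits in.
ZONE_OF = {
    "internet": "untrusted",
    "web-1": "dmz",
    "web-2": "dmz",
    "app-1": "app",
    "app-2": "app",
    "db-1": "db",
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


# Classic model: rules are written between segments and enforced only
# where traffic crosses a segment boundary. A flow that stays inside one
# segment never reaches an inspection point, so it is implicitly allowed.
ZONE_RULES = {
    ("untrusted", "dmz"): {443},
    ("dmz", "app"): {8443},
    ("app", "db"): {5432},
}


def perimeter_allows(flow: Flow) -> bool:
    """North-south enforcement: inspect only at segment boundaries."""
    src_zone, dst_zone = ZONE_OF[flow.src], ZONE_OF[flow.dst]
    if src_zone == dst_zone:
        return True  # east-west inside a segment is never inspected
    return flow.port in ZONE_RULES.get((src_zone, dst_zone), set())


# Zero trust model: every flow is checked against an explicit allow-list
# keyed by source identity, destination identity and port. Location in
# the network buys nothing; anything not listed is denied.
WORKLOAD_RULES = {
    ("internet", "web-1", 443),
    ("internet", "web-2", 443),
    ("web-1", "app-1", 8443),
    ("web-2", "app-1", 8443),
    ("app-1", "db-1", 5432),
}


def zero_trust_allows(flow: Flow) -> bool:
    """Per-workload enforcement: default deny, no implicit trust by segment."""
    return (flow.src, flow.dst, flow.port) in WORKLOAD_RULES


# Constructed flows: the intended presentation -> application -> database
# path, then three east-west flows a compromised host might attempt.
SAMPLE_FLOWS = [
    Flow("internet", "web-1", 443),  # user reaches the presentation layer
    Flow("web-1", "app-1", 8443),    # presentation -> application
    Flow("app-1", "db-1", 5432),     # application -> database
    Flow("web-1", "web-2", 22),      # lateral move inside the DMZ
    Flow("app-1", "app-2", 22),      # lateral move inside the app segment
    Flow("app-2", "db-1", 5432),     # unrelated app reaching the database
]


def compare(flows=SAMPLE_FLOWS):
    """Return (flow, perimeter_decision, zero_trust_decision) for each flow."""
    return [(f, perimeter_allows(f), zero_trust_allows(f)) for f in flows]


def unchecked_east_west(flows=SAMPLE_FLOWS):
    """Flows the perimeter model passes that the per-workload model denies."""
    return [f for f, peri, zt in compare(flows) if peri and not zt]


if __name__ == "__main__":
    for f, peri, zt in compare():
        label = lambda ok: "allow" if ok else "deny"
        print(f"{f.src:>8} -> {f.dst:<5} :{f.port:<4} "
              f"perimeter={label(peri):<5} zero-trust={label(zt)}")
```

Running the block lists six flows; the last three are allowed by the zone model (two because source and destination share a segment, one because the app-to-db rule is written per segment rather than per workload) and denied by the per-workload allow-list. The same intra-segment hole is what north-south inspection in the DMZ cannot see.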
