Building Secure Systems in Untrusted Networks
Razi Rais, Christina Morillo, Evan Gilman, and Doug Barth
Tags: Networks, Zero_Trust, TLS, VPN, firewall
Perimeter defenses guarding your network aren't as secure as you might think. Hosts behind the firewall have no defenses of their own, so when a host in the "trusted" zone is breached, access to your data center is not far behind. This practical book introduces you to the zero trust model, a method that treats all hosts as if they're internet-facing, and considers the entire network to be compromised and hostile.
In this updated edition, the authors show you how zero trust lets you focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility. You'll learn the architecture of a zero trust network, including how to build one using currently available technology.
Table of Contents
Chapter 1. Zero Trust Fundamentals
Chapter 2. Managing Trust
Chapter 3. Context-Aware Agents
Chapter 4. Making Authorization Decisions
Chapter 5. Trusting Devices
Chapter 6. Trusting Identities
Chapter 7. Trusting Applications
Chapter 8. Trusting the Traffic
Chapter 9. Realizing a Zero Trust Network
Chapter 10. The Adversarial View
Chapter 11. Zero Trust Architecture Standards, Frameworks, and Guidelines
Chapter 12. Challenges and the Road Ahead
Have you found the overhead of centralized firewalls to be restrictive? Perhaps you’ve even found their operation to be ineffective. Have you struggled with VPN headaches, TLS configuration across a myriad of applications and languages, or compliance and auditing hardships? These problems represent a small subset of those addressed by the zero trust model. If you find yourself thinking that there just has to be a better way, then you’re in luck—this book is for you.
Network engineers, security engineers, CTOs, and everyone in between can benefit from zero trust learnings. Even without a specialized skill set, many of the principles included in this book can be clearly understood, helping leaders make decisions that implement a zero trust model, improving their overall security posture incrementally.
Additionally, readers with experience using configuration management systems will see the opportunity to use those same ideas to build a more secure and operable networked system—one in which resources are secure by default. They will be interested in how automation systems can enable a new network design that is able to apply fine-grained security controls more easily. Finally, this book explores a mature zero trust design, enabling those who have already incorporated the basic philosophies to further the robustness of their security systems.
Why We Wrote This Book
We started speaking about our approach to system and network design at industry conferences in 2014. At the time, we were using configuration management systems to rigorously define the system state, applying changes programmatically as a reaction to topological changes. As a result of leveraging automation tools for this purpose, we naturally found ourselves programmatically calculating the network enforcement details instead of managing the configuration by hand. We found that using automation to capture the system design in this way allowed us to deploy and manage security features, including access control and encryption, much more easily than in systems past. Even better, doing so allowed us to place much less trust in the network than other systems might normally do, which is a key security consideration when operating in and across public clouds.
While writing this book, we spoke to individuals from dozens of companies to understand their perspective on network security designs. We found that many of those companies were reducing the trust of their internal networks. While each organization took a slightly different approach in their own system, it was clear that they were all working under the same threat model and were, as a result, building solutions that shared many properties.
Our goal with this book isn’t to present one or two particular solutions to building these types of systems, but rather to define a system model that places no trust in its communication network. Therefore, this book won’t be focused on using specific vendor software or implementations, but rather it will explore the concepts and philosophies that are used to build a zero trust network. We hope you will find it useful to have a clear mental model for how to construct this type of system when building your own system or, even better, reusable solutions for the problems described herein.
Razi Rais is a cybersecurity leader with more than 20 years of expertise in building and running secure and resilient systems. He has been working with Microsoft for over a decade, holding positions such as software engineer, architect, and product manager. His current focus at Microsoft is on building cutting-edge cybersecurity products and services. Razi is also a lead author of several books, including Azure Confidential Computing and Zero Trust (O'Reilly), Microsoft Identity and Access Administrator (Microsoft Press), and Programming Microsoft's Clouds (Wrox Press). In addition to being an active member of the GIAC Advisory Board, he speaks frequently at international conferences like RSA and conducts workshops and training sessions on platforms such as O'Reilly and LinkedIn. You can contact him on LinkedIn (https://www.linkedin.com/in/razirais) or visit his website (https://razibinrais.com/).
Christina Morillo is an accomplished enterprise information security and technology leader with over two decades of practical experience building and leading comprehensive information security and technology programs. Her skill and expertise have landed her roles at organizations such as Microsoft and Morgan Stanley, and she currently leads information security for an NFL sports team. Christina's impact extends beyond her enterprise security work. She is a speaker and the author of 97 Things Every Information Security Professional Should Know and The Future of Security (both published by O'Reilly). Christina has also contributed to and been featured in a variety of industry publications. In addition, she serves as a Fellow and Advisor at New America for the #ShareTheMicInCyber Initiative, showcasing her commitment to the broader security community. For more on her professional journey and insights, visit https://bio.site/christinamorillo and https://www.christinamorillo.com.
Evan Gilman is the co-founder and CEO of SPIRL, the workload identity company. With roots in academia and a background in operations engineering and computer networks, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and author, Evan is passionate about designing systems that strike a balance with the networks they run on.
Doug Barth is a software engineer who loves to learn and shares his knowledge with others. In his over 20 years of professional experience, he has worked as both an infrastructure and product engineer at companies like SPIRL, Stripe, PagerDuty, and Orbitz. He has built and spoken about monitoring systems, mesh networks, and failure injection practices.