A Matter of Zero Trust

by Jay Cuthrell
Share and discuss on LinkedIn or HN

Billy Joel - “A Matter of Trust” (1986)

Getting Informed

This week we take a look at Zero Trust, Zero Trust Model, Zero Trust Security Model, Zero Trust Reference Architecture, Zero Trust Network Access, and Zero Trust Network Architecture. So, if this seems like an elongated list now, you should have zero — ahem — trust the list will be the last of the variants.

Please Subscribe!

And they may not want it to end 🎶

For me, “Zero Trust” is simply a shorter way of saying “Trust No One” using 9 characters and 1 space (2 words) instead of 10 characters and 2 spaces (3 words). Both work just as well for haiku with 3 syllables each.

i had a budget
zero trust ate it quickly
vendor paid for lunch

trust no one they said
set allow all to deny
no perimeter

There are many ways to refer to zero trust. As you might expect, the variations on what gets appended to “zero trust” goes on and on depending on the service provider or solution/software security vendor.

Here’s a quick sample across companies, products, government, and the Internet book of knowledge:

  • Google = zero trust model = BeyondCorp1
  • Tailscale = Zero Trust Networking = Incremental2
  • Cisco = Zero Trust Security = Borderless Networks3
  • VMware = Zero Trust Network Segmentation = Micro-segmentation4
  • F5 = Zero Trust = NGINX Secure Connectivity5
  • NIST = Zero Trust Architecture = NCCoE6
  • US DoD = Zero Trust Reference Architecture = DISA + NSA7
  • Wikipedia = Zero Trust Security Model = aka ZTA, ZTNA8

It’s hard when you’re always afraid 🎶

Zero trust jargon is arguably at least a decade old. Partly, this is due to the growth of virtual private networks (VPN) and the challenge of VPN deployments along with implementation frustration.

If you’ve ever had to use a VPN regularly, you know it is better than having to drive into an office — but the novelty wears off quickly. And if you’ve ever met me, you know I refer to VPN as the acronym for vexing productivity neutralizer.9

Still, I have been using VPN since the late 1990s and still do. However, my mood changed when there was the glimmer of hope from companies like Tailscale.10

There can hardly be a question of why 🎶

Ultimately, the why this matters is due to our societal appetites for what comes next. Eventually, how end users interact and how developers create the things end users interact with will lead to lower friction experiences.

From Cisco’s early “Borderless Networks” in the early 2010s to the modern day rush to prepend every product name with “zero trust”, it was the early work at Google (BeyondCorp circa 2009-ish11) that set the expectation bar: things should just work without an extra layer of software (VPN client) or steps (logging in with the VPN client) for the ideal user experience.

BTW, I remember blogging about Google Secure Access VPN in 2005 as part of their beta (everything is a beta) service called Google WiFi. Yes, it was a thing and — like most Google things — it went away eventually.12

[blows dust off old wordpress_mysql_dump_posts_2markdown files]

Circa 2005… off Google Secure Access VPN

So many hops… so many ISP eyeballs…Circa 2005… on Google Secure Access VPN

Less hops… and only Google eyeballs…So, what will be the next “zero trust” innovation to improve end user experience?

Until then… Place your bets!

Disclosure

I am linking to my disclosure.

1Read: Zero Trust and BeyondCorp Google Cloud

2Read: Zero Trust Networking Definition

3Read: Cisco Zero Trust Security

4Read: Zero Trust Network Segmentation and Micro-segmentation

5Read: Seven zero trust rules for Kubernetes

6Read: Implementing a Zero Trust Architecture

7Read: Department of Defense (DoD) Zero Trust Reference Architecture

8Read: https://en.wikipedia.org/wiki/Zero_trust_security_model

9Read: Thinking Remotely

10Read: https://news.ycombinator.com/item?id=31842778

11Read: The BeyondCorp Story

12Read: https://web.archive.org/web/20051116174445/http://wifi.google.com/faq.html

Topics:

✍️ 🤓 Edit on Github 🐙 ✍️

Share and discuss on LinkedIn or HN
  • Get Fudge Sunday each week