
Zero Trust Tenants

An episode of the Breaking Into Cybersecurity podcast, hosted by Christophe Foulon | Renee Small | breakingintocybersecurity.org, titled "Zero Trust Tenants" was published on June 3, 2023 and runs 5 minutes.


What is Zero Trust?

Zero Trust is a cybersecurity concept that suggests that organizations should not automatically trust any user, device, or network, even if they are inside the network perimeter. Instead, all access to resources should be strictly controlled and verified based on the principle of least privilege.

The idea behind Zero Trust is that traditional network security models, which rely on perimeter defenses to keep out external threats, are no longer sufficient in today’s connected world. With the proliferation of mobile devices and cloud services, it is increasingly difficult to define a clear perimeter, and attackers can easily gain access to an organization’s networks and systems from within.

By adopting a Zero Trust approach, organizations can better protect themselves against these types of attacks. Instead of relying on perimeter defenses, they can implement granular access controls that are based on the specific actions and resources a user is trying to access. This can help prevent unauthorized access and reduce the risk of a security breach.

With all of the huff and puff around Zero Trust, it is frustrating when vendors claim that their product is a Zero Trust “Solution.” For example, in a post this morning, a connection of mine shared some of the technical solutions to help achieve a Zero Trust approach but skipped the first steps of the Zero Trust Design Principles.

According to the Zero Trust Principles by John Kindervag, you start with the following:
* Define the protect surface (for which you need to work with the business to understand the critical things to watch)
  -> There will be more than one “protect surface” and potentially more than one “protect surface” for a given business application.
* Map the transaction flows (which means understanding the business processes, how they flow, and how they can be best designed considering any constraints)
  -> Look at What needs to be protected, Who needs access, When they need access, and Why they need access.
* Architect a Zero Trust environment (which means combining the protect surface, transaction flows, and an environment that includes zero open access to people/systems that do not need access)
* Create Zero Trust Policies (the formal design, governance, playbooks, incident response, etc., which will determine the way the systems are created)
* Monitor and maintain (which ensures that the Zero Trust policies are managed, enforced, and continue to function in the manner designed; if not, the process for that protect surface should be re-designed).

As you can see, Zero Trust is a design strategy that leads to something that can be managed and measured. Adding tools to the stack will not equal a Zero Trust environment if the protect surfaces and transaction flows are not designed with Zero Trust in mind.
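The five steps above can be sketched in code. This is an added example, not material from the episode or from Kindervag: the surface names, identities, time windows and log entries are all constructed, and treating denied requests and never-used flows as the "monitor and maintain" signal is an assumption made for illustration.

```python
from datetime import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """One mapped transaction flow: What, Who, When, Why (names hypothetical)."""
    surface: str    # What: the protect surface being reached
    who: str        # Who: role or service identity
    action: str     # the specific action allowed on that surface
    window: tuple   # When: (start, end) of the allowed time window
    why: str        # Why: business justification recorded with the rule

# Steps 1-2: protect surfaces and their mapped flows (constructed sample data).
SURFACES = {"payroll-db", "payroll-api"}
FLOWS = [
    Flow("payroll-db", "payroll-api", "read", (time(0, 0), time(23, 59)), "API serves pay slips"),
    Flow("payroll-db", "hr-batch", "write", (time(1, 0), time(3, 0)), "nightly payroll run"),
    Flow("payroll-api", "employee", "read", (time(6, 0), time(22, 0)), "self-service pay slips"),
]

def decide(surface, who, action, at):
    """Steps 3-4: default deny; allow only a request that matches a mapped flow."""
    if surface not in SURFACES:
        return (False, "unknown protect surface")
    for f in FLOWS:
        if (f.surface, f.who, f.action) == (surface, who, action):
            if f.window[0] <= at <= f.window[1]:
                return (True, f.why)
            return (False, "outside mapped time window")
    return (False, "no mapped transaction flow")

def review(observed):
    """Step 5: return denied requests and mapped flows that were never used."""
    results = [(req, decide(*req)) for req in observed]
    denied = [(req[:3], why) for req, (ok, why) in results if not ok]
    used = {req[:3] for req, (ok, _) in results if ok}
    unused = [f for f in FLOWS if (f.surface, f.who, f.action) not in used]
    return denied, unused

# Constructed access log: (surface, who, action, time of request).
LOG = [
    ("payroll-db", "payroll-api", "read", time(14, 5)),
    ("payroll-db", "hr-batch", "write", time(14, 10)),  # right identity, wrong time
    ("payroll-db", "employee", "read", time(9, 0)),     # must go through the API
    ("payroll-api", "employee", "read", time(9, 1)),
]

if __name__ == "__main__":
    print(review(LOG))
```

Both outputs of `review` feed the redesign loop: a denied request is either a real violation or a flow that was never mapped, and an unused flow is access that may no longer be needed.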

* Zero Trust Design Principles
* Zero Trust Principles by John Kindervag
