Identity Based Segmentation for a ZTA - Zack Butcher, Tetrate & Ramaswamy Chandramouli, National Institute of Standards and Technology
Abstract
Zero Trust is all about replacing implicit trust based on the network – traditional perimeter security and an “access is authorization” model – with explicit trust based on identity and runtime authorization. This means applications must authenticate and authorize service-to-service communication in addition to end users. This gives rise to patterns like identity-aware proxies and the service mesh for enforcing access. We’ll discuss a quick-and-easy definition of what a “zero trust architecture” is and show how a common use case – application communication from cloud to prem through a DMZ – can be simplified with identity-aware proxies (and policy!), leading to organizational agility.
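To make the contrast in the abstract concrete, the following is an added example (not code from the talk, from Tetrate or from NIST) of the authorization decision an identity-aware proxy makes. It places the network-based "access is authorization" check beside an identity-based, deny-by-default policy keyed on the workload identity proven by mTLS (a SPIFFE-style ID) and the authenticated end user. The subnet, the service identities and the rules are constructed for illustration.

```python
"""
Added example: a toy identity-aware proxy authorization check contrasting
perimeter ("on the network, therefore authorized") with identity-based
segmentation. All subnets, identities and rules below are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Request:
    src_ip: str                   # network attribute: where the connection came from
    workload_id: Optional[str]    # SPIFFE-style identity proven by the client mTLS cert, None if absent
    user: Optional[str]           # end-user identity from a verified token, None if absent
    method: str
    path: str


# Perimeter model: everything inside the "trusted" subnet is allowed (constructed range).
PERIMETER_ALLOW = ip_network("10.0.0.0/8")


def perimeter_authorize(req: Request) -> bool:
    """'Access is authorization': being on the network segment is sufficient."""
    return ip_address(req.src_ip) in PERIMETER_ALLOW


@dataclass(frozen=True)
class Rule:
    principals: frozenset          # workload identities allowed by this rule
    methods: frozenset             # HTTP methods allowed
    path_prefix: str               # request path prefix the rule covers
    require_user: bool = False     # additionally require an authenticated end user


# Constructed identity-based policy: explicit allows, everything else denied.
POLICY = [
    Rule(principals=frozenset({"spiffe://example.org/ns/prod/sa/frontend"}),
         methods=frozenset({"GET"}), path_prefix="/api/orders", require_user=True),
    Rule(principals=frozenset({"spiffe://example.org/ns/prod/sa/batch"}),
         methods=frozenset({"POST"}), path_prefix="/api/orders/export"),
]


def identity_authorize(req: Request, policy=POLICY) -> bool:
    """Identity-based segmentation: deny by default; allow only when the
    mTLS-proven workload identity (and the end user, where required) matches
    an explicit rule. The source IP plays no part in the decision."""
    if req.workload_id is None:
        return False  # no authenticated workload identity, nothing to match
    for rule in policy:
        if (req.workload_id in rule.principals
                and req.method in rule.methods
                and req.path.startswith(rule.path_prefix)
                and (req.user is not None or not rule.require_user)):
            return True
    return False


def decide(req: Request) -> tuple:
    """Return (perimeter_decision, identity_decision) so the two models can be compared."""
    return perimeter_authorize(req), identity_authorize(req)


if __name__ == "__main__":
    # A compromised host inside the subnet with no workload identity:
    # the perimeter lets it through, identity-based policy does not.
    print(decide(Request("10.1.2.3", None, None, "GET", "/api/orders/42")))
    # The frontend calling from a cloud address on behalf of a logged-in user:
    # the perimeter blocks it, identity-based policy allows it.
    print(decide(Request("203.0.113.7", "spiffe://example.org/ns/prod/sa/frontend",
                         "alice", "GET", "/api/orders/42")))
```

The point the abstract makes is visible in the two calls at the bottom: with identity as the basis for segmentation, where a request comes from (cloud, on-prem, or a DMZ hop in between) no longer changes the decision, so the network path can be simplified without loosening access control.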