Identity-Based Segmentation: An Emerging Standard for Zero Trust from NIST - Zack Butcher, Tetrate
Abstract
Zero Trust is all about replacing implicit trust based on perimeter security and network access with explicit trust based on identity and runtime authorization. This means authenticating and authorizing workloads in addition to end users, driving new patterns like identity-aware proxies and the service mesh for enforcing access. Join Zack Butcher, co-author of NIST security standards for microservices, in a discussion of the forthcoming Special Publication 800-207A on a Zero Trust Architecture (ZTA) model for access control in cloud native applications in multi-location environments. We’ll present a succinct and easy-to-understand definition of a “zero trust architecture” and discuss how a common use case—application communication from cloud to on-premises through a DMZ—can be simplified with identity aware proxies (and policy!), leading to improved security without sacrificing organizational agility.
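To make the access-control point concrete, here is a small model of the decision an identity-aware proxy in the DMZ would make for a call from a cloud workload to an on-premises service. This is an added example written for this page, not code from the talk, from Tetrate, or from SP 800-207A. It assumes the proxy has already terminated mTLS and validated the client certificate (so the caller's SPIFFE ID is taken from the certificate's URI SAN), that any end-user identity arrives as an already-validated token, and that the trust domain, workload names, and paths below are made up for illustration. The policy itself is the point: the caller's IP address is recorded but never consulted, workload identity is mandatory, and every allowed flow is an explicit rule with default deny.

```python
"""Toy identity-aware proxy authorization check (added example, not from the talk).

Assumed: mTLS is already terminated and the peer certificate validated, so
peer_spiffe_id is the URI SAN from that certificate; end-user identity (if any)
comes from a token the proxy already verified. Only the policy decision is modelled.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional
from urllib.parse import urlparse

TRUST_DOMAIN = "example.org"  # assumed trust domain for the whole organisation


@dataclass(frozen=True)
class Request:
    peer_spiffe_id: Optional[str]  # None when the caller presented no client cert
    source_ip: str                 # logged for forensics only; never part of the decision
    method: str
    path: str
    user: Optional[str] = None     # subject of an already-validated end-user token
    user_roles: frozenset = frozenset()


@dataclass(frozen=True)
class Rule:
    source: str                    # SPIFFE ID glob, e.g. spiffe://example.org/ns/cloud/sa/*
    methods: frozenset
    paths: tuple                   # path globs
    required_role: Optional[str] = None  # end-user role the call must carry, if any


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def parse_spiffe_id(spiffe_id: str) -> Optional[tuple]:
    """Return (trust_domain, path) for a well-formed SPIFFE ID, else None."""
    u = urlparse(spiffe_id)
    if u.scheme != "spiffe" or not u.netloc or not u.path or u.query or u.fragment:
        return None
    return u.netloc, u.path


def authorize(rules, req: Request) -> Decision:
    """Decide a single request the way an identity-aware proxy would."""
    # 1. Workload identity is mandatory. A caller with no certificate is denied
    #    even if its packets arrived from "inside" the DMZ: no network-based trust.
    if req.peer_spiffe_id is None:
        return Decision(False, "no workload identity presented")
    parsed = parse_spiffe_id(req.peer_spiffe_id)
    if parsed is None:
        return Decision(False, "malformed SPIFFE ID")
    trust_domain, _ = parsed
    if trust_domain != TRUST_DOMAIN:
        return Decision(False, f"untrusted trust domain {trust_domain}")

    # 2. Service-to-service authorization: an explicit allow rule must match.
    for rule in rules:
        if not fnmatchcase(req.peer_spiffe_id, rule.source):
            continue
        if req.method not in rule.methods:
            continue
        if not any(fnmatchcase(req.path, p) for p in rule.paths):
            continue
        # 3. End-user authorization, layered on top when the rule demands it.
        if rule.required_role is not None:
            if req.user is None:
                return Decision(False, "rule requires end-user identity")
            if rule.required_role not in req.user_roles:
                return Decision(False, f"user {req.user} lacks role {rule.required_role}")
        return Decision(True, f"matched rule for {rule.source}")
    return Decision(False, "no matching rule (default deny)")


# Constructed policy for an on-prem "inventory" service as enforced by the DMZ proxy:
# the cloud "orders" workload may read stock, and may reserve stock only on behalf
# of a user holding the "fulfillment" role.
INVENTORY_RULES = (
    Rule(source="spiffe://example.org/ns/cloud/sa/orders",
         methods=frozenset({"GET"}), paths=("/stock/*",)),
    Rule(source="spiffe://example.org/ns/cloud/sa/orders",
         methods=frozenset({"POST"}), paths=("/stock/*/reserve",),
         required_role="fulfillment"),
)

if __name__ == "__main__":
    ORDERS = "spiffe://example.org/ns/cloud/sa/orders"
    samples = [
        Request(ORDERS, "203.0.113.7", "GET", "/stock/sku-1"),
        Request(None, "10.0.0.5", "GET", "/stock/sku-1"),           # on the DMZ LAN, no cert
        Request(ORDERS, "203.0.113.7", "POST", "/stock/sku-1/reserve",
                user="alice", user_roles=frozenset({"fulfillment"})),
        Request(ORDERS, "203.0.113.7", "POST", "/stock/sku-1/reserve"),
        Request("spiffe://evil.example/ns/cloud/sa/orders", "203.0.113.7", "GET", "/stock/sku-1"),
    ]
    for r in samples:
        d = authorize(INVENTORY_RULES, r)
        print(f"{'ALLOW' if d.allowed else 'DENY ':5} {r.method} {r.path} from {r.peer_spiffe_id}: {d.reason}")
```

The second sample is the one that distinguishes this from a perimeter model: a caller sitting on the DMZ network with no workload identity is denied outright, while the same cloud workload is allowed from any address as long as it presents its certificate and an explicit rule covers the call. Real deployments push the rule set to the proxy from a control plane rather than hard-coding it, and would express it in the mesh's native policy language, but the checks are the same three layers: encrypted, authenticated transport; service-to-service authorization; and end-user authorization where the call acts on a user's behalf.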