Zero Trust , livre ebook

Archway Publishing - Cody Gerhardt , Bruce Michelson

Découvre YouScribe en t'inscrivant gratuitement

Je m'inscris

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

87 pages

English

Vous pourrez modifier la taille du texte de cet ouvrage

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

A propos
Informations
Extrait

Description

Today’s security practices are not enough. Advancing beyond the legacy way of thinking to leverage a framework secures our future; this begins with Zero Trust.
Many of the security counter measures being leveraged by businesses today simply address the past (trust then verify). These tools advise and protect when issues are detected, then the problems can be addressed. There is often a time lag from identification, addressing the issues, and resolving the actual issues.
To understand the overall state of security in an organization there are a considerable number of tools required. For the most part, each of these tools have an application agent to be deployed. The result is often a “one of everything” approach.
Zero Trust is a framework not a solution. Zero Trust is a part of an ongoing continuous process improvement plan, and should evolve with the times to deliver true security to an organization.
The common thread is the ability to identify known vectors of end user satisfaction or organizational risk to address issues. The comment about “known” vectors is the key - security counter measures can only respond to what is known and understood at a particular moment in time.
Risk is a very straightforward concept. Risk is either real or not. Closed Loop Lifecycle Planning© in its research called The Risk Cycle© concluded that risk does not have a “gray” area - something is either a risk or not.
Our book has challenged the assumption that there is such a thing as “reasonable risk”. The theory of reasonable risk is that businesses and organizations make a conscious decision that a risk is reasonable to take, and then accepts the exposure.
Zero Trust would argue that the approach itself is not reasonable.

Sujets

Economics

Business

Informations

Publié par	Archway Publishing
Date de parution	26 avril 2023
Nombre de lectures	0
EAN13	9781665741927
Langue	English

Informations légales : prix de location à la page 0,0200€. Cette information est donnée uniquement à titre indicatif conformément à la législation en vigueur.

Extrait

ZERO TRUST
I REALLY DON’T TRUST YOU ANYMORE

BRUCE MICHELSON AND CODY GERHARDT

Copyright © 2023 Bruce Michelson and Cody Gerhardt.

All rights reserved. No part of this book may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the authors except in the case of brief quotations embodied in critical articles and reviews.

This book is a work of non-fiction. Unless otherwise noted, the authors and the publisher make no explicit guarantees as to the accuracy of the information contained in this book and in some cases, names of people and places have been altered to protect their privacy.

Archway Publishing
1663 Liberty Drive
Bloomington, IN 47403
www.archwaypublishing.com
844-669-3957

Because of the dynamic nature of the Internet, any web addresses or links contained in this book may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.

Any people depicted in stock imagery provided by Getty Images are models, and such images are being used for illustrative purposes only.
Certain stock imagery © Getty Images.

Interior Graphics/Art Credit: Cody Gerhardt and Bruce Michelson

ISBN: 978-1-6657-4191-0 (sc)
ISBN: 978-1-6657-4192-7 (e)

Library of Congress Control Number: 2023906288

Archway Publishing rev. date: 04/25/2023
ABOUT THE AUTHORS
BRUCE MICHELSON
Bruce Michelson is an HP Distinguished Technologist (Emeritus) and the Manager of Close Loop LLC. Bruce has over 36+ years in delivering industry white papers and customer engagements. Bruce’s White Papers total over 1,000+ and engagements total over 350+. Bruce is the author of 7 books covering lifecycle management and user segmentation, among other topics.
Bruce has numerous copyrights and patents regarding his expertise including Closed Loop Lifecycle Planning©, User Segmentation©, Cost of Change©, Appropriate Incumbent Behavior© The Ready State©, and other intellectual property.
Bruce is currently adjunct instructor at Florida Atlantic University in Boca Raton, Florida, where he teaches Health Care IT and Advanced Systems and Design.
CODY GERHARDT
Cody Gerhardt is an HP Distinguished Technologist and Chief Technologist with over 16 years’ experience. Cody is a leader in security, manageability, modern workplace, cloud, and virtualization. Cody is well credentialed, and his expertise is in high demand across various industries.
Cody has been certified by ICS2 as a Certified Information Systems Security Professional (CISSP).
Cody has several published intellectual properties, pending patents and defensive publications including the Accelerated State©, teamed with Bruce.
Cody works with customers on modern management adoption, security, cloud adoption, virtualization, operating system management, and persona development.
Cody has published or co-published over 60+ industry white papers.
DEDICATION
Information sharing and knowledge gathering is a strong measure of the connection between people. As a constant learner one must keep their eyes open and ears ready to listen. This book is no different as conversations on the phone, at a restaurant, in a meeting room and through email all of which played a significant role in the materials covered.
FROM BRUCE
I am now the proud author of 7 books on various lifecycle topics. To my wife of 39+ years, Vicki, thank you for all your patience and encouragement as I continue to work with the best colleagues in the business. Your confidence in my work gives me the motivation to constantly research more and communicate my ideas.
To my son, Charles, you and I continue to share that academic and practical curiosity that makes us always want to learn more and more. I am constantly amazed at your continuing focus and appetite for learning.
Together we have accomplished a meaningful portfolio of work.
FROM CODY
This book is dedicated to my wife Rachael of 15 years, and my kids Leeah and Westen.
Rachael, your unwavering strength shows me that no matter what; I can wake up every day and continue to strive for more.
Westen and Leeah, your continued desire to learn and understand more about technology and how it works, reminds me every day why I chose this career. You three are my world and I am beyond grateful for each of your support for this book.
CONTENTS
Foreword By Jeff Malec
1.0 Management Summary
1.1 Business and Technical
1.2 Current State
1.3 The Pandemic
1.4 Post-Pandemic
1.5 What Problems are We Trying to Solve?
1.6 Economic Uncertainty
1.7 Change
2.0 Lifecycle Management Underpinning
2.1 Commodity Suite and Zero Trust
2.2 Value Suite and Zero Trust
2.3 Economic Suite and Zero Trust
2.4 Employee Stewardship
3.0 Industry Alignment on Core Validations Framework
3.1 Who’s framework is it anyway?
3.2 National Institute of Standards and Technology
4.0 Software, Hardware and Identity
4.1 Continuous Verification
4.2 Compliance
4.3 Policy
4.4 Threat
4.5 Activity
5.0 Location Matters
5.1 Authentication
5.2 Geolocation
5.3 Application Identity
5.4 Security Detections
6.0 Response
6.1 Automation
6.2 Prediction
6.3 Proactive Analytics
6.4 Analyze
7.0 … And I Don’t Trust Your Software Either
8.0 Collaboration and Telehealth
9.0 The Real Timeline
9.1 Zero Trust Culture
10.0 Zero Trust and User Segmentation
11.0 Where to Begin
12.0 The Emotions of Zero Trust
13.0 Regulatory Parallels
13.1 Zero Trust Certification
14.0 Ransomware
15.0 Security as a Service
16.0 Artificial Intelligence and Machine Learning
17.0 Governance Revisited
18.0 Application Ownership
19.0 Final Observations and Conclusions
Appendix
FOREWORD BY JEFF MALEC
Lifecycle Planning Subject Matter Expert, IT Enthusiast, CLLP fan
As I have spent the last 30 years of my career helping address the struggles of IT organizations, I felt honored when Bruce and Cody asked me to contribute to this book.
The work Bruce has laid out in Closed Loop Lifecycle Planning© gave me a thoughtful perspective on how to better think about managing devices wholistically with a strong foundation in the outcomes and impact of the services IT delivers.
Going back to my time at Microsoft, I’ve listened to and participated in dozens of talks with Bruce over the past 11 years that I’ve known him, helping IT methodically consider the effects of decisions made today and the overall result achieved. Each one drives home the points of optimization and alignment to the needs of both the organization and the users.
I met Bruce for the first time at a Multi-Customer Briefing in Houston, he was outlining the great IT trends affecting the outcomes of decisions that IT managers were tasked to make at that time. My job was to convince the room to deploy Windows 8. You can probably guess which session had a more positive response. Regardless, the day ended with customers intrigued by a longer-term way of thinking and how the evolving global trends would shape the demands of users going forward - and how IT can consider those trends in their plans. Then we went out for burgers.
In my work with Cody over the past two years at HP, I’ve been able to layer a unique security perspective, building on the foundations the Bruce developed. Travel restrictions imposed by the pandemic mean that I haven’t shook his hand, but I still feel connected to his brilliance through joint customer discussions.
Over the last decade or two, give or take a year, much has been said about Zero Trust. It started out as a buzzword that sounded intriguing in blog posts, seminars, and speeches on stage. The concept has evolved greatly and has moved from fashionable jargon to a design choice around managing the most important assets of any organization whether public or private - the data of customers and the intellectual property of the organization.
Of course, there is a way to achieve the outcomes presented by Zero Trust model - turn off the device, encase it in lead and concrete, and bury it in the yard. This book outlines more practical ways to manage risk related to security and helps demystify the concept. With all the challenges presented by the current state of economies plus the added pressures of End Users, there are better ways to reduce risk in the name of security while considering the ongoing consumer-like demands of End Users.
It seems that everyone wants beautiful devices with the latest software and technology. You’ll see, however, that a Zero Trust environment necessitates a modern environment which plays well into the evolving End User expectations and may even go beyond those demands as modern hardware and software align to automation and self-healing systems. The experience is that the stuff just works.
Many of us in IT have been hearing Zero Trust for some time. The advancements in tools, hardware, and software have started to bring the concept from a flashy term thrown out at a launch event to a more concrete methodology in how to ensure organizational data is secure. Along the way, this innovation has started to break down the tension of the consumer-minded end user communities to make it people friendly. This book helps each one of us move