I am learning more about Zero Trust every day, and often find that it becomes a very technical discussion. I like it, as there is a lot to learn, though it's also hard to engage with other non-technical business users.
So, I thought to have a go at defining the non-technical business requirements.
Let me know your thoughts:
Do they make sense?
Are there any other requirements missing?
- Provide public access to public-facing information such as website content
  - already filled
- Keep public information separate from private information
  - you can implement this better with Ziti, as it provides more granular segmentation
- Only authorised people can access private information
  - already filled, assuming credentials are not compromised
  - you can get more specific with Ziti, along with reducing the scope of an attack if credentials are compromised
- Allow access to private information only over an invisible network, endpoint to endpoint
  - you get the deepest invisibility with Ziti, down to the individual identity level
  - other alternatives restrict only to the host level
- Limit a malicious attack to the most granular component
  - this is why app-embedded networks are so important, because they offer the most granular level of protection
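The post contrasts host-level segmentation with identity-level segmentation and argues that the latter reduces the scope of an attack when a credential is compromised. The following added example (it is not from the original post and is not OpenZiti code) is a small conceptual model of that difference: a host-level allowlist is compared with identity-level dial policies, and the "blast radius" of one compromised identity is measured under each. Every identity, host, service, role and policy below is constructed for illustration.

```python
"""Conceptual model: host-level vs identity-level access policy.

Added example, not OpenZiti code. It models the point that a per-identity
policy keeps a compromised credential confined to the services that identity
was granted, whereas a host-level rule exposes everything reachable from
the host. All names, hosts, services, roles and policies are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, Set, Tuple


@dataclass(frozen=True)
class Identity:
    name: str
    host: str                            # machine the identity runs on
    roles: FrozenSet[str] = frozenset()  # role attributes granted at enrolment


@dataclass(frozen=True)
class Service:
    name: str
    host: str                            # machine that hosts the service
    roles: FrozenSet[str] = frozenset()  # role attributes the service is tagged with
    public: bool = False                 # public content needs no private policy


@dataclass(frozen=True)
class DialPolicy:
    """Identities holding any identity_role may reach services holding any service_role."""
    identity_roles: FrozenSet[str]
    service_roles: FrozenSet[str]

    def permits(self, identity: Identity, service: Service) -> bool:
        return bool(self.identity_roles & identity.roles) and bool(self.service_roles & service.roles)


# Constructed inventory: public website plus two private apps on one app host.
SERVICES = [
    Service("website", "web-host", public=True),
    Service("hr-portal", "app-host", frozenset({"hr-app"})),
    Service("finance-db", "app-host", frozenset({"finance-app"})),
]

# Three identities sharing one workstation; "guest" has no role at all.
IDENTITIES = {
    "alice": Identity("alice", "shared-workstation", frozenset({"hr"})),
    "bob": Identity("bob", "shared-workstation", frozenset({"finance"})),
    "guest": Identity("guest", "shared-workstation"),
}

# Host-level model: a firewall-style allowlist of (source host, destination host).
# Both HR and finance users need the app host, so the whole host is opened.
HOST_ALLOWLIST = {("shared-workstation", "app-host")}

# Identity-level model: policies bind identity roles to service roles.
POLICIES = [
    DialPolicy(frozenset({"hr"}), frozenset({"hr-app"})),
    DialPolicy(frozenset({"finance"}), frozenset({"finance-app"})),
]


def host_level_reachable(identity: Identity) -> Set[str]:
    """Anything running on an allowed host reaches every service on the destination host."""
    return {s.name for s in SERVICES if s.public or (identity.host, s.host) in HOST_ALLOWLIST}


def identity_level_reachable(identity: Identity) -> Set[str]:
    """Only services a dial policy grants to this specific identity are reachable."""
    return {s.name for s in SERVICES if s.public or any(p.permits(identity, s) for p in POLICIES)}


def blast_radius(identity_name: str) -> Tuple[Set[str], Set[str]]:
    """Private services exposed if this identity's credential is compromised: (host-level, identity-level)."""
    ident = IDENTITIES[identity_name]
    private = {s.name for s in SERVICES if not s.public}
    return host_level_reachable(ident) & private, identity_level_reachable(ident) & private


if __name__ == "__main__":
    for name in IDENTITIES:
        host_exposed, ident_exposed = blast_radius(name)
        print(f"{name:6} compromised -> host-level exposes {sorted(host_exposed)}, "
              f"identity-level exposes {sorted(ident_exposed)}")
```

Under the host-level rule, a compromised "guest" credential on the shared workstation can reach both private services, because the allowlist had to open the whole app host for the two legitimate users; under the identity-level policy the same compromise exposes nothing private, and "alice" is confined to the HR portal. The public website stays reachable in both models without any private policy, which is the "keep public separate from private" requirement expressed in the model.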