Chapter 3. Network Agents
Imagine you're in a security-conscious organization. Each employee is given a highly credentialed laptop to do their work. With today's work and personal life blending together, some also want to view their email and calendar on their phone. In this hypothetical organization, the security team applies fine-grained policy decisions based on which device the user is using to access a particular resource.
For example, perhaps it is permissible to commit code from the employee's company-issued laptop, but doing so from their phone would be quite a strange thing. Since source code access from a mobile device is decidedly riskier than from an enrolled laptop, the organization blocks such access.
The story described here is a fairly typical application of zero trust, in that multiple factors of authentication and authorization take place, concerning both the user and the device. In this example, however, it is clear that one factor has influenced the other—a user who might "normally" have source code access won't enjoy such access from their mobile device. Additionally, this organization does not want authenticated users to commit code from just any trusted device—they expect users to use their own device.
This marriage of user and device is a new concept that zero trust introduces, which we are calling a network agent. In a zero trust network, it is insufficient to treat the user and device separately, because policy often needs to consider ...
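The device-aware policy sketched in the scenario above, as an added example that is not from the book: the user and the device are bound into one agent, and every rule is evaluated against that pair, so the same user gets different answers from an enrolled laptop, from a phone, and from a colleague's laptop. User names, group names and device fields are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset  # constructed role groups, e.g. {"engineering"}


@dataclass(frozen=True)
class Device:
    device_id: str
    kind: str          # "laptop" or "phone"
    enrolled: bool     # company-managed device with a known identity
    assigned_to: str   # the user this device was issued to


@dataclass(frozen=True)
class NetworkAgent:
    """The user/device pair that zero trust policy is evaluated against."""
    user: User
    device: Device


Rule = Callable[[NetworkAgent], bool]

# Each resource lists rules over the agent; all must hold (default deny otherwise).
POLICY: Dict[str, List[Rule]] = {
    # Committing code: engineer, on an enrolled laptop, that was issued to them.
    "source_code": [
        lambda a: "engineering" in a.user.groups,
        lambda a: a.device.kind == "laptop" and a.device.enrolled,
        lambda a: a.device.assigned_to == a.user.name,
    ],
    # Email and calendar: any enrolled device issued to the user, phones included.
    "email": [
        lambda a: a.device.enrolled,
        lambda a: a.device.assigned_to == a.user.name,
    ],
}


def authorize(agent: NetworkAgent, resource: str) -> bool:
    """Return True only if every rule for the resource holds for this agent."""
    rules = POLICY.get(resource)
    if rules is None:
        return False  # unknown resource: deny rather than guess
    return all(rule(agent) for rule in rules)


# Constructed sample population for the scenario.
ALICE = User("alice", frozenset({"engineering"}))
BOB = User("bob", frozenset({"finance"}))
ALICE_LAPTOP = Device("lap-01", "laptop", True, "alice")
ALICE_PHONE = Device("ph-01", "phone", True, "alice")
BOB_LAPTOP = Device("lap-02", "laptop", True, "bob")
```

Alice commits code from her own laptop, reads email from her phone, but is refused source access from the phone and from Bob's laptop, while Bob is refused on his own laptop because he is not an engineer.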