Chapter 9. Realizing a Zero Trust Network

This chapter will help readers develop a strategy for taking the knowledge in previous chapters and applying it to their system. Zero trust networks are very likely to be built around existing systems, so this chapter will focus on how to make that transition successfully.

It’s important to remember that zero trust is not a product that can be bolted onto the network. It is a set of architectural principles which are applied based on the needs and constraints of the network. Therefore, this chapter cannot provide a checklist of changes to be made, but rather a framework for how to approach realizing a zero trust network in your own system.

Choosing Scope

Before setting out to build a zero trust network, it is important to choose the proper scope for the effort. A very mature zero trust network will have many interacting systems. For a large organization, constructing these systems might be feasible, but for smaller organizations, the number and complexity of those systems may make a zero trust network seem out of reach.

It’s important to remember that the zero trust architecture is an ideal to work toward instead of a list of requirements that must be met completely from day one. This is no different than perimeter-based networks. Less mature networks may initially choose a simple network design to reduce the complexity of administration. As the network matures and the risk of a breach increases, the network will need to be redesigned ...
