Get every episode of every Packet Pushers podcast in one very fat, very handy feed! Because too much technology would never be enough. Includes Day Two Cloud, Heavy Networking, Heavy Strategy, Heavy Wireless, IPv6Buzz, Kubernetes Unpacked, and Network Break.
https://packetpushers.net/podcasts/
Heavy Networking 656: Embedding Zero Trust Into Applications
AAA (Authentication, Authorization, and Accounting) and Role-Based Access Control (RBAC) have been around for a long time. You can use them to build policies that let folks do precisely what they need, and no more. If someone with admin access blows up the network or an applicaiton, you’ve got a record of what happened. If a manager needs read-only access to do their job, you can give that to them.
In a world of breach presumption, zero day exploits, and endlessly patching CVEs, the way we do cyber security these days has failed in significant ways. What if we could extend the AAA or RBAC model to all applications? Better yet, what if we take the RBAC model, make authentication more robust than username & password, assess endpoint security posture constantly, and evaluate each request individually up at layer 7 for all applications?
What does a security architecture like this look like? Who’s responsible to make it all work–netops, secops, devops, or everyone? And perhaps most concerning of all, where are the enforcement points in this zero-trust model? At the client? Embedded in the app? In a middlebox–some sort of exotic layer 7 firewall or proxy?
To help us answer these questions is Galeal Zino. Galeal is the founder and CEO at NetFoundry. Galeal has strong opinions about what zero trust embedded in applications should look like, and he’s entitled to those opinions. He’s one of the people responsible for OpenZiti, a free, open source software product delivering zero trust networking.
This is not a sponsored discussion. This conversation is a chance to dig into the big ideas of a zero trust security model, and consider how your network and the apps you run on them would fit. Don’t forget to consider how a model like this would change your day-to-day ops. While I am intrigued by the model we’re going to discuss today, there are practical impacts to ops. As my friend Russ White is fond of saying, “If you haven’t found the tradeoffs, you haven’t looked hard enough.”
Sponsor: ITProTV
Start or grow your IT career with online training with ITProTV. Learn IT, pass your certs, and get a great job! Visit itpro.tv/packetpushers and use the promo code PACKETPUSHERS at checkout to get 30% off all plans.
Show Links:
Galeal Zino on LinkedIn
OpenZiti on GitHub
OpenZiti Tech Blog
Day Two Cloud 142: OpenZiti Serves Up Zero Trust For Applications (Sponsored)