Zero trust journey across the digital estate
"Today's organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the mobile workforce, and protects people, devices, apps, and data wherever they're located. The zero trust idea has been gradually gaining momentum over...
Other Authors: | , |
---|---|
Format: | E-book |
Language: | English |
Published: | Boca Raton, Florida ; London : CRC Press [2023] |
Edition: | First edition |
Subjects: | |
View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009809023206719 |

Table of Contents:
- Cover
- Half Title
- Title
- Copyright
- Dedication
- Contents
- Author Biographies
- Foreword
- Acknowledgment
- Introduction
- What Is Unique about This Book?
- Additional Resources
- Part 1 History, Introduction, and Fundamentals of Zero Trust
- 1 History of and Introduction to Zero Trust
- 1.1 Driving Forces
- 1.2 What Is Zero Trust?
- 1.3 The Inception of Zero Trust Concept
- 1.3.1 Cloud Security Alliance's Software Define Perimeter and Zero Trust
- 1.3.2 Google's BeyondCorp Zero Trust Model
- 1.3.3 Gartner's CARTA Framework for Zero Trust
- 1.3.3.1 CARTA's Zero Trust Implementation Approach
- 1.3.4 Netflix's LISA Model for Zero Trust
- 1.3.4.1 LISA Principles
- 1.3.5 Forrester's ZTX Framework
- 1.3.6 NIST SP 800:207 Zero Trust Framework
- 1.3.6.1 NIST's Zero Trust Architecture Foundation
- 1.3.6.2 Policy Engine
- 1.3.6.3 Policy Administrator
- 1.3.6.4 Policy Enforcement Point
- 1.3.7 The Open Group Zero Trust's Approach
- 1.3.7.1 Key Requirements for Zero Trust as per the Open Group
- 1.3.7.2 Organizational Value and Risk Alignment
- 1.3.7.3 Guardrails and Governance
- 1.3.7.4 Technology
- 1.3.7.5 Security Controls
- 1.3.8 Microsoft's Zero Trust Principles
- 1.4 Why Zero Trust Is Important
- 1.5 Benefits of Zero Trust
- 1.6 Zero Trust Principle Redefined
- 1.6.1 Re-Examine All Default Access Controls
- 1.6.2 Micro-Segmentation
- 1.6.3 Preventing Lateral Movement
- 1.6.4 Leverage a Variety of Preventative Techniques
- 1.6.5 Enable Real-Time Monitoring and Controls to Identify and Halt Malicious Activity Quickly
- 1.6.6 Align to the Broader Security Strategy
- 1.7 Zero Trust for Everyone
- 1.7.1 Government
- 1.7.2 Enterprises
- 1.7.3 Small and Medium Businesses
- 1.7.4 Consumers
- 1.8 Chapter Summary
- 2 Zero Trust - Disrupting the Business Model
- 2.1 Why Business Leaders Care about Zero Trust
- 2.1.1 Agility Fuels Digital Transformation
- 2.1.2 The New (Reduced) Cost of Doing Business
- 2.1.3 Business Leaders' Commitment to Support Zero Trust Adoption
- 2.2 Zero Trust Starts with a Culture
- 2.2.1 Know Your Organization
- 2.2.2 Inspire Trust
- 2.2.3 Managing Up and Around
- 2.2.4 A Philosophy of Ownership
- 2.3 Paradigm Shift in the Business Model
- 2.4 Zero Trust Security Is Vital for Hybrid Work
- 2.5 Human Elements of Zero Trust
- 2.5.1 Role of the Chief Information Officer
- 2.5.2 Role of Security Professionals
- 2.5.3 Using a Zero Trust Framework to Solve the Skills Gap
- 2.5.4 Role of Employees
- 2.6 Chapter Summary
- Part 2 Current Status and Best Practices of the Zero Trust Journey
- 3 Zero Trust Maturity and Implementation Assessment
- 3.1 Need for a Zero Trust Maturity Model
- 3.2 Our Unique Approach to a Zero Trust Maturity Model
- 3.2.1 Zero Trust Cybersecurity Maturity Assessment Toolkit
- 3.2.2 How to Use the Zero Trust Cybersecurity Maturity Assessment Tool?
- 3.3 Microsoft's Three-Stage Maturity Model
- 3.3.1 Zero Trust Assessment Using Microsoft Compliance Manager
- 3.3.1.1 First Thing First: What Is Compliance Manager?
- 3.3.1.2 Zero Trust Integration for the Data Protection Baseline Template
- 3.4 CISA's Zero Trust Maturity Model
- 3.5 Forrester's ZTX Security Maturity Model
- 3.6 Palo Alto Zero Trust Maturity Assessment Model
- 3.7 Chapter Summary
- 4 Identity Is the New Security Control Plane
- 4.1 Why Identities and Why Now?
- 4.2 Identity - Building Trust in the Digital World
- 4.3 Implementation Pillars
- 4.3.1 Unification
- 4.3.1.1 Zero Trust Principle
- 4.3.1.2 Architecture Placement
- 4.3.1.3 Flow
- 4.3.1.4 Actionable Questions Checklist
- 4.3.1.5 Additional Focus Points and Considerations
- 4.3.1.5.1 End-to-End
- 4.3.1.5.2 Web and Non-Web Perspectives
- 4.3.1.5.3 Service Accounts
- 4.3.2 Context
- 4.3.2.1 Zero Trust Principle
- 4.3.2.2 Architecture Placement
- 4.3.2.3 Flow
- 4.3.2.3.1 Behavioral Baseline Flow (Learning Phase)
- 4.3.2.3.2 Single Authentication Flow
- 4.3.2.4 Actionable Questions Checklist
- 4.3.2.5 Additional Focus Points and Considerations
- 4.3.2.5.1 Complete Authentication Trail
- 4.3.2.5.2 Behavioral Profile
- 4.3.2.5.3 Unified Risk Analysis
- 4.3.3 Enforcement
- 4.3.3.1 Zero Trust Principle
- 4.3.3.2 Architecture Placement
- 4.3.3.3 Flow
- 4.3.3.4 Actionable Questions Checklist
- 4.3.3.5 Additional Focus Points and Considerations
- 4.3.3.5.1 Complete Environment Coverage
- 4.3.3.5.2 Access Policies Zoom-In
- 4.3.3.5.3 Rule-Based Policies
- 4.3.3.5.4 Pattern-Based Policies
- 4.3.3.5.5 Risk-Based Policies
- 4.3.4 Granularity
- 4.3.4.1 Zero Trust Principle
- 4.3.4.2 Architecture Placement
- 4.3.4.3 Flow
- 4.3.4.4 Actionable Questions Checklist
- 4.3.4.5 Additional Focus Points and Considerations
- 4.3.4.5.1 Resource vs. Network Segment
- 4.3.4.5.2 From Segment to Resource
- 4.3.4.5.3 From Resource to Access Attempt
- 4.3.4.5.4 Recap of the Assume Breach Component
- 4.4 Priorities for Modernizing Identity
- 4.4.1 Priority 1: Unify Identity Management
- 4.4.1.1 Control 1.1: Enable Single Sign-On
- 4.4.1.2 Control 1.2: External Identities
- 4.4.1.3 Control 1.3: Enable Passwordless Approach When Possible
- 4.4.1.4 Control 1.4: Automatic Provisioning
- 4.4.1.5 Control 1.5: Device Integration
- 4.4.1.6 Control 1.6: Managed Identities
- 4.4.2 Priority 2: Implement Secure Adaptive Access
- 4.4.2.1 Control 2.1: Secure Adaptive Authentication
- 4.4.2.2 Control 2.2: Block Legacy Authentication
- 4.4.2.3 Control 2.3: Protect Against Consent Phishing
- 4.4.2.4 Control 2.4: Equal Focus on On-Prem Identity
- 4.4.3 Priority 3: Identity and Access Governance
- 4.4.3.1 Control 3.1: Automate Provisioning and De-Provisioning
- 4.4.3.2 Control 3.2: Access Lifecycle Management and Separation of Duties
- 4.4.3.3 Control 3.3: Follow the Least Privilege Principle
- 4.4.4 Priority 4: Integrate and Monitor
- 4.4.4.1 Control 4.1: Log and Operationalize Identity Monitoring
- 4.4.4.2 Control 4.2: Integrate Identity for Auto Detection and Response
- 4.5 Chapter Summary
- 5 Zero Trust Architecture Components
- 5.1 Zero Trust Components Overview
- 5.2 Implementation Approach and Objectives
- 5.3 Protect the Data
- 5.4 Zero Trust in Multi-Cloud and Hybrid Environments
- 5.4.1 Customer Case Study: Zero Trust in the Hybrid Environment
- 5.4.1.1 About the Organization
- 5.4.1.2 Current Challenges
- 5.4.1.3 Top Three Challenges Faced While Implementing New Zero Trust Architecture
- 5.4.1.4 Impact and Benefits Achieved by a Zero Trust Project
- 5.5 Secure Access Service Edge and Zero Trust
- 5.5.1 Secure Access Service Edge Architecture Overview
- 5.5.1.1 Policy Evaluation and Enforcement Points
- 5.5.1.2 Microsoft Capabilities
- 5.5.2 Customer Case Study: Secure Access Service Edge Implementation
- 5.5.2.1 Current Situation and Current Challenges
- 5.5.2.2 Technology Solutions Used to Overcome the Challenges
- 5.5.2.3 Impact and Benefits Achieved
- 5.6 Identity Component
- 5.6.1 Identity Architecture Overview
- 5.6.1.1 Silverfort and Azure AD Integrated Identity Zero Trust Solution
- 5.6.1.2 Unification
- 5.6.1.3 Silverfort's "Bridging" Capability
- 5.6.1.4 Context
- 5.6.1.5 Enforcement
- 5.6.1.6 Granularity
- 5.6.1.7 Illustrative Example: Protecting PowerShell to Domain Controller Access
- 5.6.2 Customer Case Study: Unified Identity Management with Zero Trust
- 5.6.2.1 About the Organization
- 5.6.2.2 Current Challenges
- 5.6.2.3 Technology Solutions Used to Overcome Existing Challenges
- 5.6.2.4 Top Three Challenges Faced While Implementing New Zero Trust Architecture
- 5.6.2.5 Benefits Achieved by Implementing Zero Trust Architecture
- 5.7 Endpoint or Devices Component
- 5.7.1 Endpoint or Devices Architecture Overview
- 5.7.1.1 Customer Case Study: Unified Endpoint or Device Management with Zero Trust
- 5.7.1.1.1 About the Organization
- 5.7.1.1.2 Current Challenges
- 5.7.1.1.3 Technology Solutions Used to Over the Challenges
- 5.7.1.1.4 Top 5 Challenges Faced While Implementing New Zero Trust Architecture
- 5.7.1.1.5 Impact and Benefits Achieved with Zero Trust Architecture
- 5.8 Application Component (on Prem, Legacy, Cloud, Mobile App)
- 5.8.1 Application Architecture Overview
- 5.9 Data Component
- 5.9.1 Data Architecture Overview
- 5.9.1.1 Mobile Application Management
- 5.9.1.2 End-to-End Encryption for Data Protection
- 5.9.2 Customer Case Study: Data Loss Prevention and Data Security Zero Trust
- 5.9.2.1 About the Organization
- 5.9.2.2 Current Situation Before the Zero Trust Model
- 5.9.2.3 Technology Solutions Used for Zero Trust Architecture
- 5.9.3 Top Three Challenges Faced While Implementing New Zero Trust Architecture
- 5.9.4 Impact and Benefits with Zero Trust Architecture
- 5.10 Infrastructure Component
- 5.10.1 Infrastructure Deployment Objectives
- 5.10.2 Network Component
- 5.10.3 Network Architecture Overview
- 5.10.3.1 Segment and Enforce the External Boundaries
- 5.10.3.2 Network Segmentation
- 5.10.3.3 Threat Protection
- 5.10.3.4 Encryption
- 5.11 Zero Trust and Operational Technology Component
- 5.11.1 A Practical Approach for Deploying Zero Trust for Operational Technology
- 5.11.2 Internet of Things and Operational Technology Architecture with Zero Trust Principles
- 5.12 Zero Trust and Security Operation Center