Implementing Zero Trust Security

Build It Yourself or Buy It?

At one level, zero trust is a methodology – a means for organizing the network. In theory, you could build a zero trust implementation yourself using components available within the Linux environment. However, there are other ways to implement zero trust. Several companies on the market specialize in zero trust implementations. For instance, Google is considered a pioneer with its BeyondCorp principle and has long since shaped zero trust into a product complete with bells and whistles.

Anyone who wants to introduce zero trust quickly and comprehensively can commission Google to implement it. But there is a catch, of course: If you order everyday services such as email or office applications from Google, your data will inevitably end up in the Google cloud. However, the cloud is perfectly prepared for zero trust because it supports a connection to Active Directory and other authentication mechanisms and implements consistent rights management across the Googleverse.

Other service providers are also helping companies migrate to zero trust. Their offerings range from consultancy-only to ready-made cloud-based suites. From a European point of view, you need to keep in mind in all dealings with US-based providers that the US CLOUD Act and the GDPR cannot be reconciled. For European companies, the switch to zero trust is by no means a push-of-the-button experience but requires long-term planning in advance to ensure compliance with GDPR privacy requirements.

Complex but Necessary

Companies would do well to address zero trust as soon as possible. Overloaded VPN gateways and a collection of legacy firewall rules that no one understands anymore (created by employees who left the company years ago) are no match for the security threats of today. It is better to take the plunge soon rather than continuing to operate forever with 1990s-era security.

Infos

  1. Zero Trust Security Model: https://en.wikipedia.org/wiki/Zero_trust_security_model
  2. Jericho Forum Commandments: https://collaboration.opengroup.org/jericho/commandments_v1.2.pdf
  3. NIST SP 800-207 Zero Trust Architectures: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
  4. NCSC Network Architectures: https://www.ncsc.gov.uk/collection/device-security-guidance/infrastructure/network-architectures
  5. RASCI Responsibility Matrix: https://en.wikipedia.org/wiki/Responsibility_assignment_matrix

The Author

Freelance journalist Martin Gerhard Loschwitz focuses primarily on topics such as OpenStack, Kubernetes, and Ceph.

« Previous 1 2 3

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Kernel News

    Zack Brown reports on: Trusted Computing and Linux; Load Balancer Improvements; and New Random Number Handling.

    more »
  • Welcome

    The eyes of the tech world are all on Google with the announcement that Google's Compute Engine cloud service is now open to the public. The new service is Google's answer to Amazon's AWS cloud system and is poised to capture some of the same customers. Many are predicting Compute Engine will be a game changer, as the sports addicts would say: a historic move that will change the whole landscape – and they might be right. If anyone has the power and personnel to take on Amazon, it is definitely Google, although it is worth remembering that, after striking it rich with search, Google's later attempts to swallow whole industries have not always been as successful as the experts predicted. (Anyone remember when Google Wave was supposed to take down Facebook?)

    more »
  • P2P Networks

    Many users associate the term P2P with BitTorrent and the (not always legal) exchange of files. But peer-to-peer networks offer an option for anonymously offering websites and other services. We examine five popular alternatives for P2P networking.

    more »
  • Pi Zero USB Gadget

    In just a few simple steps, you can turn a Pi Zero into a universal USB flash drive that emulates storage, a serial port, Ethernet, and more.

    more »
  • Smart Access Intro

    Maybe password security isn't perfect, but most networks depend on it. This month we examine some tools for smarter, more versatile authentication.

    more »
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News

Tag Cloud

Administration Community Events Hardware Linux Linux Pro Magazine Mobile Programming Security Software Ubuntu Web Development Windows free software open source