Employees of federal, state and local governments; and businesses working with the government.
Learn what zero trust security is, how it solves typical security issues, and how to implement it in your environment.
Zero trust security is not a new concept, but it has gained much more interest in the last couple of years as organizations of all kinds (government, for profit, nonprofit) realize that their traditional security approach doesn’t work as well as they need. For example, in mid 2021, the US Federal CISO (Chief Information Security Officer) Chris DeRusha said the White House will push all federal agencies toward a “zero trust paradigm.”
Traditionally, organizations would put a lot of effort into preventing access to resources from the outside world while leaving internal access relatively open, because all their employees were in the same building, using devices managed by the organization. If a malicious person wanted to get access to the organization’s resources, they would need to gain physical access to the building, which was quite difficult to do.
Now, with the ubiquity of connectivity (direct links with customers and suppliers, Internet of Things, remote work, etc.), everything changes. Accessing “internal” resources via the Internet is much easier than gaining physical access to the building. And the “lock ‘em out” approach is much less effective. Trusting a user because of who they are or their location or the device they are using becomes problematic – especially since all of those things can be spoofed.
Zero trust security is a concept that eliminates trusted locations, people, devices, or anything else. Instead of having unrestricted access to internal networks from certain locations or devices, you require authentication and authorization from everywhere and at all times. This may seem like an unnecessary complication, but it actually makes things simpler. By implementing zero trust security, teams can focus on one solution that works best in all circumstances. And hackers no longer get access to everything just because they succeeded in a single exploit.
While zero trust sounds like it refers to user access, we can’t forget about applications talking to one another. Traditionally, there weren’t many security constraints when it came to applications or containers networking. Normally, once the firewall rule was open from server A to server B, you could send any type of traffic. In the zero trust networking model, you change that. Instead of traditional IP:PORT combination type firewalls, you implement transaction-level controls.
Every necessary transaction is defined and the access rules for each are defined. Then when a particular application or devise or container needs to access a particular resource it requests permission to perform a well-defined transaction.
In this course, you’ll learn all about zero trust security. We’ll teach you the basics starting from understanding what “trust” actually is and where the zero trust model came from. Then, we’ll move to design considerations, and, after that, we’ll start discussing the actual technical implementation details.
In this class you will learn to:
- Implement Zero Trust tenets and concepts in your organization.
- Design Zero Trust Architecture
- Assess your organization readiness for Zero Trust
- Mature your Zero Trust Implementation
Professionals who may benefit include:
- Anyone in an IT Leadership role
- CIOs / CTOs /CSO
- Security Administrators
- Any Security Staff
- System Administrators
- IT Operations Staff
- Release Engineers
- Configuration Managers
- Anyone involved with IT infrastructure
- Developers and Application Team leads
- Software Managers and Team Leads
- IT Project & Program Managers
- Product Owners and Managers
- Brief Evolution of IT Security
- The Perimeter Model
- Brief Threat Landscape History
- Problems with the Traditional Model
- Brief History of Zero Trust
- Zero Trust AuthN & AuthZ
- Zero Trust Tenants
- Zero Trust Basic Concepts
- Zero Trust Network Design Part 1
- Zero Trust 5 Steps of Transformation
- Zero Trust Threats
- Zero Trust Access Control
- Zero Trust Risk Management
- Zero Trust Governance
- Zero Trust Vendor Selection
- Zero Trust Reference Architecture
- Zero Trust Network Design Part 2
- Zero Trust Implementation
- Zero Trust Migration
- Zero Trust Challenges
- Zero Trust Wrap Up