Skip to main content

Zero Trust Knowledge Base (ZTKB)

Purpose

  • Organized and up to date list of the best zero trust resources
  • Demystify Zero Trust Marketing from reality
  • Have Suggestions? Let us Know!
warning

If you work in product marketing, this knowledge base might contradict your asinine marketing ploys!

Zero Trust Definition

NIST's definition of Zero Trust:


Some History of Zero Trust

2004

An international group of corporate CISOs and vendors known as the Jericho Forum focuses on solving the "de-perimeterization" problem. They call for "the need for trust."

Jericho Forum's Identity Commandments

2009

Forrester coins the term "Zero Trust"

2014

Google release BeyondCorp, the first Zero Trust architecture

info

"The concept of zero trust has been present in cybersecurity since before the term “zero trust” was coined."
NIST SP 800-207

Zero Trust vs Traditional Perimeter Based Defense

Castle & Moat

  • In traditional, perimeter based defense, trust is based on the network location that an access request is coming from.

  • Once attackers are in the network, they can move laterally with a network get to get to an organization's 'crown jewels' - that is, its most valuable data.

  • The traditional model is antiquated. It does not extend security to the new perimeter of cloud, mobile, and hybrid environments.

Zero Trust Outcomes

Zero Trust Outcomes​