Zero Trust in Hybrid Architectures
Patrick Sullivan
Director: Security Strategy
Akamai Technologies
Agenda
• Drivers of change in a Hybrid environment
• Zero Trust Overview
• How to incorporate Zero Trust into your transition to Cloud
©2017 AKAMAI | FASTER FORWARD™
Golden Era of Network Perimeter
● Users & apps inside
● Inside = Trusted
● Walls work
● Threats remain outside
Applications Are Moving Outside
● IaaS & SaaS
● Hybrid
● Inconsistent visibility, security & control
● Confusing end-user experience
Users Have Moved Outside
● Mobile
● Digital ecosystem
● Global distribution
● Remote workers
Threats Are Moving Inside
● Security architecture vulnerabilities leveraged in complex attacks
● Malware, phishing & data exfiltration
● Credential theft
● Single factor authentication
● Lateral network movement
Current Trends Require Zero Trust
Inside = trusted
● Users & apps inside
● Trust at Network Layer
● Full network access
Zero trust
● Users & apps anywhere
● Verify & never trust
● Application access
There is no inside...
“The data economy renders today's network,
perimeter-based security useless. As businesses
monetize information and insights across a complex
business ecosystem, the idea of a corporate perimeter
becomes quaint - even dangerous.”
Excerpt from Forrester’s Future-Proof your Digital Business
with Zero Trust Security
What’s Zero Trust?
Security model evangelized by Forrester Research
Key principles:
● The network is always assumed to be hostile.
● External and internal threats exist on the network at all times.
● Network locality is not sufficient for deciding trust in a network.
● Every device, user, and network flow is authenticated and authorized.
● Policies must be dynamic and calculated from as many sources of data as possible.
John Kindervag
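An added example, not taken from the deck or from any Akamai product: a small Python policy decision point that contrasts the "Inside = trusted" perimeter check with a decision built on the key principles above (locality ignored, user and device both authenticated, per-application authorization, a dynamic score, every decision logged). The address range, policy table, signal weights and sample requests are constructed assumptions.

```python
"""Constructed illustration: perimeter check vs. zero-trust policy decision."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed "inside" address range for the legacy perimeter model.
CORP_NET = ip_network("10.0.0.0/8")

# Hypothetical centrally defined policy: per-application entitlements and thresholds.
POLICY = {
    "payroll": {"groups": {"finance"}, "min_score": 80, "require_mfa": True},
    "wiki": {"groups": {"finance", "engineering"}, "min_score": 40, "require_mfa": False},
}


@dataclass
class Request:
    src_ip: str
    app: str
    user: Optional[str] = None       # None means the user did not authenticate
    groups: frozenset = frozenset()
    mfa: bool = False
    device_id: Optional[str] = None  # None means the device presented no identity
    device_managed: bool = False
    device_patched: bool = False


def perimeter_decision(req):
    """Legacy model: network locality alone decides trust."""
    return ip_address(req.src_ip) in CORP_NET


def trust_score(req):
    """Dynamic score from several signals; the source IP is deliberately not one."""
    score = 40 if req.user else 0
    score += 20 if req.mfa else 0
    score += 20 if req.device_managed else 0
    score += 20 if req.device_patched else 0
    return score


def zero_trust_decision(req, audit_log):
    """Authenticate and authorize each request per application; log every decision."""
    rule = POLICY.get(req.app)
    if rule is None:
        reason = "no policy for app (default deny)"
    elif req.user is None:
        reason = "user not authenticated"
    elif req.device_id is None:
        reason = "device not authenticated"
    elif rule["require_mfa"] and not req.mfa:
        reason = "MFA required"
    elif not (req.groups & rule["groups"]):
        reason = "user not entitled to app"
    elif trust_score(req) < rule["min_score"]:
        reason = "trust score below threshold"
    else:
        reason = "allow"
    allowed = reason == "allow"
    # Denials are logged as well as grants, so the audit trail covers every attempt.
    audit_log.append({"user": req.user, "device": req.device_id, "app": req.app,
                      "src_ip": req.src_ip, "allowed": allowed, "reason": reason})
    return allowed


def run_samples():
    """Evaluate three constructed requests under both models."""
    finance = frozenset({"finance"})
    samples = [
        # Single-factor credential used from an unidentified host on the internal network.
        Request("10.1.2.3", "payroll", user="alice", groups=finance),
        # Roaming employee: public IP, MFA, managed and patched device.
        Request("203.0.113.7", "payroll", user="alice", groups=finance, mfa=True,
                device_id="laptop-42", device_managed=True, device_patched=True),
        # Same user with MFA on a known but unmanaged, unpatched device: trust drops.
        Request("203.0.113.7", "payroll", user="alice", groups=finance, mfa=True,
                device_id="byod-7"),
    ]
    audit_log = []
    results = [(perimeter_decision(r), zero_trust_decision(r, audit_log)) for r in samples]
    return results, audit_log


if __name__ == "__main__":
    decisions, log = run_samples()
    for (perimeter, zero_trust), entry in zip(decisions, log):
        print(f"{entry['src_ip']:>12} perimeter={perimeter!s:<5} "
              f"zero_trust={zero_trust!s:<5} {entry['reason']}")
```

The first request is the case the perimeter model gets wrong: an internal address is enough for it to allow access, while the zero-trust decision denies it because no device identity was presented.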
Rob Joyce: Chief NSA TAO
USENIX Enigma 2016: “Disrupting Nation State Hackers”
Cloud, IoT, BYOD and partner relationships all expand trust boundaries
“What are you doing to shore up the trust boundary of the things you really
must defend?”
“Most networks… Big castle walls… Hard outer shell… Soft gooey center”
Case Study: Google BeyondCorp
Akamai Architecture
[Diagram labels: Laptop, Micro Perimeter, Apps, Enterprise App Access]
Browser Based Access & No Public IP
Hybrid Zero Trust Architecture
[Diagram labels: Data Center, Cloud App, SaaS App, App #1, App #2, App #3, Branch, Roaming]
Global Proxy Platform
> Performance Overlay
> WAF, AntiBot
Enterprise Connector
> Secure dial-out
> Deployed as VM or container
Global Proxy Platform
> Connection establishment
> Single sign-on
> Multi-factor authentication
Better Security and Better Performance
Before = 10.5 sec.
After = 5.5 sec.
Divorce Trust from Network Topology as you adopt Hybrid IT
Authenticate everything, Encrypt everything
Users, devices and apps - data in transit and at rest
Centralize policy definition,
but distribute policy enforcement
Treat trust as dynamic and situational
Always verify with full visibility and logging
Summary
• Zero Trust Security Architectures Reduce Risk and Complexity for a Hybrid Architecture
• New Zero Trust Services are evolving very quickly
• Consider Cloud Migration as an opportunity to migrate to a Zero Trust Architecture
