Zero Trust

https://theotherfruit.org/with-zero-trust-architecture/

How do you make a home secure? Lock everything and make sure only you hold the key. That, roughly, is the Zero Trust Architecture concept.

Traditional security models set their perimeter using, say, encryption, login protocols and firewalls. It is somewhat like a fence around a physical property: everything inside the gate is the trusted perimeter.

The trouble is that once someone knows your login details, or controls your unlocked device, they can access the ‘trusted perimeter’ just as you can. They are able to log in. In other words, they use the obtained key to open the gate.

The possibility of someone doing just this is a long-recognized stumbling point for various types of collaboration processes, even for a body like the UN [215]. While there are ongoing advancements in layering login protocols, adding complexity to verification and performing cross-device checks such as two-factor authentication, the unknown-actor problem persists.

Instead of concentrating on one centralized access point, there is a way to further segment functions, making each function or activity a gate in itself. This applies to the first trusted perimeter and equally to all newly set ‘gates’ that follow. With Zero Trust Architecture, the concept of “never trust, always verify” becomes the guiding ethos.

Shifting away from centralization naturally brings us to microservices. In a microservice structure, each segmented function can be served from a different, even unique, location. Microservices will be detailed in the following articles; here we focus primarily on Zero Trust Architecture.

To make the Zero Trust Architecture concept more tangible, as a thought experiment, imagine that you’re invited to a house party. Let’s look at two possible security scenarios for attending this house party, using traditional or Zero Trust Architecture:

Traditional Architecture

Then you make your way to the bathroom (taking a moment to rummage through the medicine cabinet, just out of curiosity), and finally end up having a nice discussion while lounging on the living room couch. Easy. Done. Great party.

The trouble is that should anyone else give your name at the gate, sufficiently fooling or bypassing the doorman, that person has used your key. They would have almost unrestricted access to the entire spread, just as you would if it were actually you.

Zero Trust Architecture

Then you use your key to open the kitchen door, and again to take a drink. Then you use your key to open the door that leads out to the porch. Then you use your key again with the person you’re chatting to, so that you both know who is who.

Then you use your key to open the bathroom door. Then again for the medicine cabinet, again when entering the living room, and so on. Roughly and figuratively, this could be called granular perimeter security. Every [granular] function becomes segmented [having its own perimeter], thereby acting as a gate in itself, with each gate confirming your key.

Making physical comparisons explains the principle but overlooks the benefits of digital implementation:

Meaning, if one had to physically perform all those additional unlocking actions, it would obviously increase the time and energy required. It would be a hassle, no doubt. Extra steps would entail extra work, and this constant re-checking would become laboriously counterproductive. From a digital standpoint, however, Zero Trust key use can be imperceptibly fast.

Goliaths such as Siemens and Google have been using variations of Zero Trust structures for a long time. The segmentation allows for compartmentalization of data as well as lateral tracking.

Lateral tracking, as a form of security analysis, is made possible by the increased number of gates and the ledger data they produce. From a security perspective, the capacity for analysis processes like lateral tracking has multiple benefits:

firstly

secondly

A red flag could be raised instantly if, for years, you’ve used your key like clockwork in a preferred usage pattern but, one day and out of the blue, your key is suddenly used to collate highly sensitive data or dig into never-before-touched areas.

Because the key is used for each granular portion or function, there is a much better chance, and now a concrete method, of stopping unauthorized use.
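As an added illustration of the lateral-tracking idea (this is not code from the original post): when every gate writes to a ledger, a per-key baseline of which gates are normally opened, and how many per day, can be built, and a key that suddenly opens never-before-used gates or far more gates than its historical peak can be flagged. The ledger entries, key name and gate names below are constructed.

```python
from collections import defaultdict

# Constructed ledger: (day, key_id, gate) entries, one per gate confirmation.
LEDGER = [
    (1, "alice", "kitchen"), (1, "alice", "porch"), (1, "alice", "living-room"),
    (2, "alice", "kitchen"), (2, "alice", "porch"), (2, "alice", "living-room"),
    (3, "alice", "kitchen"), (3, "alice", "living-room"),
    # Day 4: the same key suddenly opens gates it has never opened before.
    (4, "alice", "kitchen"), (4, "alice", "medicine-cabinet"),
    (4, "alice", "safe"), (4, "alice", "porch"), (4, "alice", "living-room"),
    (4, "alice", "study"),
]

def build_baseline(ledger, up_to_day):
    """Per key: the set of gates ever opened and the peak number of gate
    openings in a single day, using only ledger entries before up_to_day."""
    gates = defaultdict(set)
    per_day = defaultdict(lambda: defaultdict(int))
    for day, key, gate in ledger:
        if day < up_to_day:
            gates[key].add(gate)
            per_day[key][day] += 1
    peak = {k: max(days.values()) for k, days in per_day.items()}
    return gates, peak

def lateral_flags(ledger, day, volume_factor=1.5):
    """For the given day, flag keys that opened never-before-used gates or
    opened far more gates than their historical daily peak. A key with no
    history at all is flagged on its first activity."""
    gates, peak = build_baseline(ledger, day)
    today = defaultdict(list)
    for d, key, gate in ledger:
        if d == day:
            today[key].append(gate)
    flags = {}
    for key, opened in today.items():
        new_gates = sorted(set(opened) - gates.get(key, set()))
        too_many = len(opened) > peak.get(key, 0) * volume_factor
        if new_gates or too_many:
            flags[key] = {"new_gates": new_gates, "too_many": too_many}
    return flags

if __name__ == "__main__":
    print(lateral_flags(LEDGER, day=4))
```

Day 3 produces no flags because the key stays within its usual gates and volume; day 4 is flagged on both counts.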

More broadly, and particularly in the example of a trust- and reputation-based marketplace, there are long-standing proposals for deriving machine learning and economic advantages [216]. When widely adopted, the ramifications could influence entire economic systems of trade and politics [217].

Extending this segmented and granular methodology is where microservices come in. Let’s break this out once more for microservices. To compare with traditional centralized structures, imagine a functional website, say almost any popular social media platform or online banking service:

Traditional Centralized Web Service

While the required work is happening, these significant restructurings or renovations can have knock-on effects and various negative ramifications for the usability of the rest of the site.

Micro-Services + Zero Trust Architecture

This is where the structure gets exciting. As there is little difference between calling a service from one location or another, each gate can be set in its own individual or unique space. No gate has to rely on the same centralized host.

So, using microservices, restructurings or renovations can be done to one portion specifically without affecting the usability of the others. Each function, with all its supporting peripherals, is able to act independently.

The next articles will go into the details and benefits of microservices, as well as the crossover functionality with various distributed ledger technologies, digital security tokens and cryptocurrency use.

This granular segmentation principle has amazingly beneficial implementations, for everything from direct real-world engagement to actualized payments. It is a core philosophy behind the TOF® Biosphere.

It has applications in the realms of law, copyright, intellectual property control and beyond. Remember, throughout, the real ‘key’ remains in always making choice personal.

Thank you to those around the globe for all the kind words and support. You’re plucking awesome.
