Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
4 Factors to Consider When Choosing a Cloud Native App Platform
Jun 2nd 2023 10:00am, by Guilherme (Gui) Alvarenga
How GitHub Uses GitHub to Be Productive and Secure
May 31st 2023 10:30am, by Loraine Lawson
Top 3 Application Security Must-Haves
May 26th 2023 7:59am, by Guilherme (Gui) Alvarenga
Cloud Native Skill Gaps are Killing Your Gains 
May 22nd 2023 7:15am, by Victoria Wright
A Boring Kubernetes Release
May 19th 2023 12:23pm, by Alex Williams
Chainguard Improves Security for Its Container Image Registry
May 31st 2023 6:30am, by Steven J. Vaughan-Nichols
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
How to Containerize a Python Application with Paketo Buildpacks
May 29th 2023 5:00am, by Sylvain Kalache
Can Rancher Deliver on Making Kubernetes Easy?
May 27th 2023 7:00am, by Jack Wallen
Red Hat Podman Container Engine Gets a Desktop Interface
May 23rd 2023 7:30am, by Joab Jackson
Creating an IoT Data Pipeline Using InfluxDB and AWS
Jun 5th 2023 10:25am, by Jason Myers
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by Chris J. Preimesberger
Gothenburg, Sweden Used Open Source IoT to Drastically Cut Water Waste
May 23rd 2023 6:58am, by Alex Handy
Building a Plant Monitoring Tool with IoT
May 8th 2023 9:27am, by Zoe Steinkamp
How to Choose and Model Time Series Databases
Apr 28th 2023 3:00am, by Robert Kimani
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by Susan Hall
RabbitMQ Is Boring, and I Love It
May 15th 2023 6:30am, by Josh Long
How OpenSearch Visualizes Jaeger's Distributed Tracing
May 11th 2023 10:00am, by Derek Ho and Jonah Kowall
Spring Cloud Gateway: The Swiss Army Knife of Cloud Development
May 8th 2023 6:47am, by Juergen Sussner
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
WithSecure Pours Energy into Making Software More Efficient
Jun 1st 2023 7:14am, by Joe Fay
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
How to Decide Between a Layer 2 or Layer 3 Network
Apr 25th 2023 10:00am, by Gino Dion
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
Wireshark Celebrates 25th Anniversary with a New Foundation
Mar 28th 2023 5:00am, by Joab Jackson
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by Andrew Brust
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by Loraine Lawson
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
IBM's Quiet Approach to AI, Wasm and Serverless
May 4th 2023 6:00am, by Loraine Lawson
Cloud Control Planes for All: Implement Internal Platforms with Crossplane
Apr 13th 2023 10:00am, by Bassam Tabbara
The Architect’s Guide to Storage for AI
Jun 1st 2023 7:44am, by Keith Pijanowski
8 Real-Time Data Best Practices
Jun 1st 2023 5:00am, by Jennifer Riggins
Raft Native: The Foundation for Streaming Data’s Best Future
May 30th 2023 9:44am, by Doug Flora
Why the Document Model Is More Cost-Efficient Than RDBMS
May 25th 2023 9:24am, by Rick Houlihan
Amazon Aurora vs. Redshift: What You Need to Know
May 25th 2023 6:27am, by Casey Samulski
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
Dev News: A New Rust Release and Chrome 114 Updates
Jun 3rd 2023 9:00am, by
Dealing with Death: Social Networks and Modes of Access
Jun 3rd 2023 6:00am, by
LangChain: The Trendiest Web Framework of 2023, Thanks to AI
Jun 1st 2023 10:57am, by
30 Non-Trivial Ways for Developers to Use GPT-4
Jun 1st 2023 9:39am, by
Bluesky vs. Nostr — Which Should Developers Care About More?
May 30th 2023 7:51am, by
SRE vs. DevOps? Successful Platform Engineering Needs Both
Jun 6th 2023 10:53am, by
API Management Is a Commodity: What’s Next?
Jun 6th 2023 9:59am, by
The Art of Platform Marketing: You’ve Gotta Sell It
Jun 6th 2023 6:05am, by
How Adobe Uses OpenTelemetry Collector
Jun 5th 2023 10:02am, by
Where Does Trace-Based Testing Fit in the Testing Pyramid?
Jun 5th 2023 7:52am, by
Dev News: A New Rust Release and Chrome 114 Updates
Jun 3rd 2023 9:00am, by
Dev News: New Microsoft Edge Tools and Goodbye Node.js 16
May 27th 2023 6:00am, by
Dev News: Angular v16, plus Node.js and TypeScript Updates
Apr 22nd 2023 4:00am, by
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by
TypeScript 5.0: New Decorators Standard, Smaller npm
Mar 24th 2023 11:25am, by
The Need to Roll up Your Sleeves for WebAssembly
Jun 5th 2023 6:00am, by
Python and WebAssembly: Elevating Performance for Web Apps
Jun 5th 2023 3:00am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by
New Image Trends Frontend Developers Should Support
May 25th 2023 6:00am, by
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by
Cloud Dependencies Need to Stop F---ing Us When They Go Down
May 25th 2023 10:00am, by
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by
A Boring Kubernetes Release
May 19th 2023 12:23pm, by
Optimizing Mastodon Performance with Sidekiq and Redis Enterprise
May 18th 2023 10:30am, by and
Creating an IoT Data Pipeline Using InfluxDB and AWS
Jun 5th 2023 10:25am, by
Dealing with Death: Social Networks and Modes of Access
Jun 3rd 2023 6:00am, by
Bringing AI to the Data Center 
Jun 1st 2023 6:13am, by
8 Real-Time Data Best Practices
Jun 1st 2023 5:00am, by
MongoDB vs. PostgreSQL vs. ScyllaDB: Tractian’s Experience
May 31st 2023 6:10am, by and
API Management Is a Commodity: What’s Next?
Jun 6th 2023 9:59am, by
Meta-Semi Is an AI Algorithm That 'Learns How to Learn Better'
Jun 6th 2023 3:00am, by
Donald Knuth Asked ChatGPT 20 Questions. What Did We Learn?
Jun 4th 2023 6:00am, by
Maker Builds a ChatGPT DOS Client for a 1984 Computer
May 31st 2023 11:04am, by
Google’s Generative AI Stack: An In-Depth Analysis
May 31st 2023 7:59am, by
4 Factors to Consider When Choosing a Cloud Native App Platform
Jun 2nd 2023 10:00am, by
VeeamON 2023: When Your Nightmare Comes True
Jun 2nd 2023 7:47am, by
Compiled Python Code Used in a New PyPI Attack
Jun 2nd 2023 6:00am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
PyPI Strives to Pull Itself Out of Trouble
Jun 1st 2023 11:43am, by
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
SRE vs. DevOps? Successful Platform Engineering Needs Both
Jun 6th 2023 10:53am, by Paige Cruz
The Art of Platform Marketing: You’ve Gotta Sell It
Jun 6th 2023 6:05am, by Michael Coté
7 Core Elements of an Internal Developer Platform
Jun 5th 2023 6:41am, by Viktor Farcic
How to Host Your Own Platform as a Product Workshop
May 31st 2023 9:09am, by Jennifer Riggins
Take a Platform Engineering Deep Dive at PlatformCon 2023
May 26th 2023 10:00am, by Carrie Tang
The Need to Roll up Your Sleeves for WebAssembly
Jun 5th 2023 6:00am, by B. Cameron Gain
VeeamON 2023: When Your Nightmare Comes True
Jun 2nd 2023 7:47am, by B. Cameron Gain
The Cedar Programming Language: Authorization Simplified
Jun 2nd 2023 6:07am, by Alex Williams
How to Improve Operational Maturity in an Economic Downturn
May 31st 2023 8:30am, by Jonathan Rende
MongoDB vs. PostgreSQL vs. ScyllaDB: Tractian’s Experience
May 31st 2023 6:10am, by Joao Pedro Voltani and Joao Granzotti
Is DevOps Tool Complexity Slowing Down Developer Velocity?
May 17th 2023 6:29am, by Heather Joslyn and Lawrence E Hecht
AI Has Become Integral to the Software Delivery Lifecycle
May 12th 2023 11:01am, by Richard MacManus
4 Core Principles of GitOps
May 11th 2023 2:17pm, by Alex Williams
5 Version-Control Tools Game Developers Should Know About
May 9th 2023 10:00am, by Sharone Zitzman
Mitigate Risk Beyond the Supply Chain with Runtime Monitoring
May 8th 2023 10:00am, by Mike Long
Donald Knuth Asked ChatGPT 20 Questions. What Did We Learn?
Jun 4th 2023 6:00am, by David Cassel
Dealing with Death: Social Networks and Modes of Access
Jun 3rd 2023 6:00am, by David Eastman
Defend Open Source from Trolls: Oppose Patent Rule Changes
Jun 2nd 2023 6:49am, by Michael Dolan
How to Build a DevOps Engineer in Just 6 Months
Jun 1st 2023 10:43am, by Keri Barnett-Howell
Maker Builds a ChatGPT DOS Client for a 1984 Computer
May 31st 2023 11:04am, by David Cassel
SRE vs. DevOps? Successful Platform Engineering Needs Both
Jun 6th 2023 10:53am, by Paige Cruz
The Art of Platform Marketing: You’ve Gotta Sell It
Jun 6th 2023 6:05am, by Michael Coté
7 Core Elements of an Internal Developer Platform
Jun 5th 2023 6:41am, by Viktor Farcic
Open Source Jira Alternative, Plane, Lands
Jun 2nd 2023 9:00am, by Darryl K. Taft
How to Build a DevOps Engineer in Just 6 Months
Jun 1st 2023 10:43am, by Keri Barnett-Howell
How Adobe Uses OpenTelemetry Collector
Jun 5th 2023 10:02am, by Susan Hall
7 Core Elements of an Internal Developer Platform
Jun 5th 2023 6:41am, by Viktor Farcic
The Need to Roll up Your Sleeves for WebAssembly
Jun 5th 2023 6:00am, by B. Cameron Gain
My Further Adventures (and More Success) with Rancher
Jun 3rd 2023 7:00am, by Jack Wallen
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
How Adobe Uses OpenTelemetry Collector
Jun 5th 2023 10:02am, by Susan Hall
Red Hat Ansible Gets Event-Triggered Automation, AI Assist on Playbooks
May 24th 2023 6:22am, by Joab Jackson
Observability: Working with Metrics, Logs and Traces
May 22nd 2023 8:23am, by Jessica Wachtel
Why Upgrade to Observability from Application Monitoring?
May 19th 2023 11:49am, by George Hamilton
Datadog’s $65M Bill and Why Developers Should Care
May 17th 2023 10:56am, by Loraine Lawson
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
Networking / Security

Zero Trust Adoption: 4 Steps to Implementation Success

Want to know how to implement a zero trust architecture? Follow these four steps for successful implementation in your organization.
Jun 21st, 2022 4:00am by
Featued image for: Zero Trust Adoption: 4 Steps to Implementation Success

According to the Fortinet The State of Zero Trust Report, most organizations claim to either have zero trust access (ZTA) or zero trust network access (ZTNA) strategy either in place or in active deployment. However, most also report that they cannot consistently authenticate users or devices and struggle to monitor users after authentication. Additionally, many organizations also report that implementing zero trust across an extended network is difficult.

Here are four steps experts recommend for Zero Trust implementation.

1. Start Small

Zero trust protection is it is not an all-encompassing architecture. The most successful implementations of zero trust implementation start small, focusing on critical assets with the highest risk profiles, and then leverage a discover, observe and control adoption philosophy, said Kate Kuehn, vArmour senior vice president. “This enables organizations to not have to in essence boil the ocean and try and adopt unilateral controls too quickly, but instead lock down their crown jewels and understand the relationships those assets have to address resilience planning in a phased approach.”

One of the biggest mistakes we see when implementing zero trust is insufficient investing in visibility, observability, and analytics across the organization, Kuehn added. “Without visibility, companies are limited and can’t quickly mobilize to identify or prevent threats to the entire enterprise. Zero Trust is here to stay; while it’s only the first step to dynamic, proactive security, it’s an essential foundation that every organization needs to modernize its security posture.”

2. Authenticate People, Devices

The zero trust implementation model should include authenticating users, machine identities, or other components, ideally based on credentials as well as other factors like device identifier and location said Jacob Ansari, Schellman security advocate, and emerging cyber trends analyst. “It should also include clear ideas of authorization for what permissions that identity has. Further, authorization should make use of a careful definition of least privilege, which means that someone needs to carefully determine what identities should be able to do and not do.

Some of the easy wins involve securing remote access, Ansari added. While not zero trust, per se, using secure remote access with good multifactor authentication is an essential component of a functional zero trust model. Secondly, start looking at machine identities like service accounts or non-user principals for systems or cloud services or APIs.

Make sure someone knows what these identities do, what rights they should have, and how they authenticate. If any API endpoints or the like don’t require authentication or the tokens or other credentials have been exposed through public repositories, require stronger authentication. If service accounts require root user privileges, start the engineering efforts to change how those applications work, so that you no longer rely on risky elements like superuser privileges for service accounts.

3. Use Comprehensive Processes

To ensure success in zero trust implementation, an organization must have a comprehensive adoption strategy covering technology, processes, and people, according to Arun “Rak” Ramchandran, Hexaware global head, digital core transformation.

“Today, technology changes faster than humans can comprehend,” Ramchandran said. “For example, AI and machine learning (ML) have been on an evolutionary path to the point where artificial intelligence is evolving all by itself. AI advances effectively with zero human input.”

To assure that zero trust works in perpetuity, organizations must have periodic audits and recalibration to see how the zero trust environment needs to be updated, Ramchandran added. “There are always state-owned actors within a network who can compromise the network.”

The greatest threat to the system is people in two ways — those creating programs to compromise the zero trust network, and people becoming complacent about protecting it. Human complacency is enemy number one in assuring zero trust data protection.

4. Include Policy Automation Technologies

On its way to beginning an industry-wide standard, zero trust is becoming more broadly adopted, said Yash Prakash, Saviynt’s chief strategy officer. Many security leaders and practitioners have focused their attention on deploying identity-based solutions and building identity-centric architectures. For zero trust implementation, organizations must incorporate three core policy components:

  • A policy engine that decides to grant, deny or revoke access to resources for all entities that request to do so. Risk and trust scores are determined in real-time to serve as the basis for each decision.
  • A policy administration engine that can establish and terminate the connection between an entity and a resource. Relying on decisions made by the policy engine, the administrator generates authentication tokens or credentials for each session.
  • A policy enforcement point to enable and monitor ongoing connections between entities and enterprise resources.

How to Build a Zero Trust Architecture?

Zero trust networks enhance security by implementing most minor privilege access controls and eliminating the need for trusted insiders, explained Nicola Davolio, Hupry CEO. Every user and device must be verified and authenticated before being given access to any resource. This approach eliminates the reliance on perimeter defenses, which can be breached, and instead creates an internal security posture that is much more difficult to exploit.

This approach has many benefits, chief among them being that it helps prevent data breaches and limits the damage that can be done even if a breach does occur. Davolio added. Dramatically reducing the number of users who have unrestricted access to your systems and data makes it much harder for attackers to move later.

How to Adopt a Zero Trust model?

Implementing a zero trust architecture requires operational strategy, policies, products, and integrations to work in harmony, said Bryon Hundley, Retail & Hospitality ISAC vice president of intelligence operations. Each organization’s zero trust implementation process will be different, but typically will include the following steps:

  • Identify sensitive data and segment the network.
  • Classify and map acceptable routes for data access.
  • Create microsegmentation around sensitive data.
  • Monitor the environment with security analytics.

What Is a Zero Trust Approach?

“Zero trust summarizes the idea that no device, user, network, or other system or resource can act without authenticating its identity and can only perform actions for which it is authorized,” Ansari said. “The idea that it’s the internet-facing segment that faces all the risks and the interior of the organization is less prone to compromise or malicious activity has been discredited an organization’s network has had porous boundaries since users took their laptops home with them at the end of the day.

Group Created with Sketch.
SHARE THIS STORY
RELATED STORIES
Azure Went Dark How Secure Is Your API Gateway? Turbocharging Host Workloads with Calico eBPF and XDP How to Overcome Challenges in an API-Centric Architecture WithSecure Pours Energy into Making Software More Efficient
RELATED STORIES
WithSecure Pours Energy into Making Software More Efficient Bullet-Proofing Your 5G Security Plan How to Overcome Challenges in an API-Centric Architecture Performance Measured: How Good Is Your WebAssembly? EU Analyst: The End of the Internet Is Near
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.