Perimeter defenses guarding your network aren't as secure as you might think. Hosts behind the firewall have no defenses of their own, so when a host in the "trusted" zone is breached, access to your data center is not far behind. This practical book introduces you to the zero trust model, a method that treats all hosts as if they're internet-facing, and considers the entire network to be compromised and hostile.
In this updated edition, the authors show you how zero trust lets you focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility. You'll learn the architecture of a zero trust network, including how to build one using currently available technology.
- Explore fundamental concepts of a zero trust network, including trust engine, policy engine, and context aware agents
- Understand how this model embeds security within the system's operation, rather than layering it on top
- Use existing technology to establish trust among the actors in a network
- Migrate from a perimeter-based network to a zero trust network in production
- Examine case studies that provide insights into various organizations' zero trust journeys
- Learn about the various zero trust architectures, standards, and frameworks
Razi Rais has over two decades of experience designing and developing highly scalable and secure enterprise software and cloud services. He has been working at Microsoft for over ten years, serving in various roles such as software engineer, architect, and product manager. His current focus at Microsoft is on helping businesses strengthen their cybersecurity posture by protecting workloads at scale against the most sophisticated cyberattacks. Razi is also the lead author of several books, including Exam Ref SC-300: Microsoft Identity and Access Administrator by Microsoft Press and Programming Microsoft's Clouds: Windows Azure and Office 365 by Wrox Press. He is also a member of the IEEE Computer Society, ACM, SANS advisory board, as well as a frequent speaker at international conferences and an instructor who provides security-related training all over the world. You can get in touch with him via LinkedIn (https: //www.linkedin.com/in/razirais) or through his website, https: //razibinrais.com. His GitHub profile is https: //github.com/razi-rais. Christina Morillo is an information security and technology leader with an extensive background in enterprise security, identity, cloud and operations. In her current role as Principal Security Consultant, she leads the Microsoft Cloud Security Service offering focused on helping organizations improve their cloud identity and security posture. She is the author/editor of 97 Things Every Information Security Should Know, and The Future of Security report, published by O'Reilly Media. She also serves as Fellow and Advisor at New America for the #ShareTheMicInCyber Initiative. You can find her on the web at https: //bio.site/christinamorillo and at https: //www.christinamorillo.com Evan Gilman is an Operations Engineer with a background in computer networks. With roots in academia, and currently working in the public internet, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and author, Evan is passionate about designing systems that strike a balance with the networks they run on. Doug Barth is a software engineer who loves to learn and shares his knowledge with others. He has worked on systems of various sizes at companies like Orbitz and PagerDuty. He has built and spoken about monitoring systems, mesh networks, and failure injection practices.
Lisainfo e-raamatute kohta