The Road to Zero-Trust: Past, Present, and Future: What is Zero Trust <Araali_ Deck for (ISC)2>
Organizations measure their Application teams on deployment velocity, feature release velocity, and performance of their apps. In today’s cloud-native world, app teams are building and iterating at lighting speed, churning out multiple features, and releases a day. Often application teams feel dragged down by their security counterparts, and the application security gets left behind. The disconnect between app and sec drives companies to focus more on Response and Detect – which is more manual and expensive than automated Prevention. Even though teams spend more on security, breaches galore.
Over the last couple of decades, analysts and the security community, focussed on Preventive Security, concentrated on user and hardware devices (e.g., software-defined perimeter (SDP), Zero-Trust, and Privileged Access Management). These technologies deliver the least permissive privilege and access for users and their devices, but the apps running in the data centers and hybrid cloud were never covered. One of the key reasons is that users and devices are independent entities, and they have identities – 2FA like a fingerprint, SMS, etc. Apps don’t have 2FA.
Different companies took different paths to deliver zero-trust for apps through Big Data, ML, Network processors, FPGAs, etc. However, the promised land of Application Zero-Trust remained elusive. Even though enterprises know the least permissive privilege/zero trust is the right way to go, they struggle to adapt. The conflict is mainly centered around three key pillars – operation complexity, business disruption, and operational cost.
In this talk, Abhishek will cover some of these ideas to unpack the concepts in an easy to understand fashion. Also, he will share some key ideas you should keep in mind while thinking of protecting your custom apps running in your public and private clouds.
Abhishek Singh, CEO, Araali Networks
Abhishek was previously the Co-Founder/VP of Engineering at Tetration Analytics where he led the initial team to build and scale a datacenter-scale platform to enable micro-segmentation and security in a Virtual Machine environment. Prior to Tetration, he held engineering leadership positions at Aruba, Cisco and Ericsson.
Abhishek has a Bachelor’s in Technology degree from the Indian Institute of Technology Kanpur and a Masters’s degree from John Hopkins University (both in Computer Science).