Zero-Trust Architecture - what is it? Is it possible for NMS?

There are almost as many definitions of Zero-Trust Architecture as there are vendors offering ZTA-based solutions. It seems to be the latest security catch-phrase.

The most common ideas are that applications following ZTA principles should:

  • assume they are running on an unprotected network (i.e., the Internet, or a breached internal corporate network)
  • validate the identities involved in every network conversation (people, machines, and/or services)
  • encrypt sensitive communications (or all?)
  • ensure the integrity of communicated messages

In other words, the old days of castle-and-moat security don’t cut it in a highly connected, cloud-based world. Modern ZTA-based applications can’t rely on firewalls alone to provide needed security; they must also defend themselves against misuse from adversaries.

Is Zero-Trust possible in network monitoring situations? So many of the legacy technologies (SNMP, ICMP, DNS, OSPF, BGP, etc., etc.) were built with implicit trust. Can they be made trustworthy?

Jeff J.
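Added example (not part of the original thread): the principles listed above, minus encryption, as a small monitoring collector. Each agent holds its own HMAC key and a sequence counter, and the collector checks identity, message integrity and replay on every report regardless of where it arrived from, which is roughly the shape of SNMPv3 USM authentication rather than its actual encoding. Beside it sits a community-string check of the kind SNMPv2c relies on, to show what implicit trust lets through. Agent names, keys, the JSON report format and the 300-second skew window are all constructed assumptions; encryption is left out because the standard library has no AEAD, and in practice that layer would be TLS or SNMPv3 priv.

```python
import hmac
import hashlib
import json
import time

# Constructed per-agent keys. In a real deployment these are provisioned
# per device and stored in a secrets manager, never shared across agents.
AGENT_KEYS = {
    "router-1": b"\x01" * 32,
    "switch-7": b"\x02" * 32,
}


def _canonical(body):
    """Deterministic serialisation so agent and collector MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_report(agent_id, key, metrics, seq, now=None):
    """Agent side: build a report carrying identity, sequence, timestamp and MAC."""
    ts = int(now if now is not None else time.time())
    body = {"agent": agent_id, "seq": seq, "ts": ts, "metrics": metrics}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Collector:
    """Collector that trusts nothing about the network the report came over."""

    def __init__(self, keys, max_skew=300):
        self.keys = keys
        self.max_skew = max_skew  # assumed acceptable clock drift, seconds
        self.last_seq = {}        # highest sequence number seen per agent

    def accept(self, msg, now=None):
        """Return (ok, reason). Identity, then integrity, then freshness."""
        body = msg.get("body") or {}
        key = self.keys.get(body.get("agent"))
        if key is None:
            return False, "unknown identity"
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return False, "bad tag"
        # From here on the body is known to come from the key holder.
        now = int(now if now is not None else time.time())
        if abs(now - body["ts"]) > self.max_skew:
            return False, "stale"
        if body["seq"] <= self.last_seq.get(body["agent"], -1):
            return False, "replay"
        self.last_seq[body["agent"]] = body["seq"]
        return True, "ok"


def implicit_trust_accept(msg, community="public"):
    """Legacy baseline: a shared community string and nothing else.
    No per-sender identity, no integrity over the payload, no replay check."""
    return msg.get("community") == community


def demo():
    """Constructed scenarios; returns each verdict so they can be inspected."""
    c = Collector(AGENT_KEYS)
    t0 = 1_700_000_000
    key = AGENT_KEYS["router-1"]

    good = sign_report("router-1", key, {"cpu": 12}, seq=1, now=t0)
    results = {"genuine": c.accept(good, now=t0)[1]}

    # On-path attacker edits a metric but cannot recompute the MAC.
    tampered = {"body": dict(good["body"], metrics={"cpu": 99}), "tag": good["tag"]}
    results["tampered"] = c.accept(tampered, now=t0)[1]

    # Same genuine report delivered twice.
    results["replayed"] = c.accept(good, now=t0)[1]

    # Device the collector was never told about, signing with its own key.
    rogue = sign_report("rogue-box", b"\x00" * 32, {"cpu": 1}, seq=1, now=t0)
    results["unknown"] = c.accept(rogue, now=t0)[1]

    # Authentic but an hour old: outside the skew window.
    old = sign_report("switch-7", AGENT_KEYS["switch-7"], {"cpu": 5}, seq=1, now=t0 - 3600)
    results["stale"] = c.accept(old, now=t0)[1]

    # The legacy check happily takes the tampered payload.
    results["legacy_tampered"] = implicit_trust_accept({"community": "public", "metrics": {"cpu": 99}})
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} -> {verdict}")
```

The order of checks matters: the key lookup and MAC run before any field of the body is trusted, so a report from an unknown or forged sender is rejected without the collector acting on its contents. The sequence counter is per agent and must survive collector restarts (persist it) or an attacker can replay the whole history after a reboot.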

As an FYI, if anyone is confused about what Zero Trust entails, it maps to NIST 800-207, which can be found here.