Slide 1

Evan Gilman @evan2645 Zero Trust Networks

Slide 2

About Me
@evan2645, 12/5/16, Zero Trust: Building Systems in Untrusted Networks

Slide 3

Agenda
The Problem
What is Zero Trust?
Implementations
State of the Union

Slide 4

The Problem

Slides 5-7

Enforcement
Users feel safe inside, even if they are not (Bad Guy)
… Am I really that safe?

Slide 8

What Are We Protecting?

Slides 9-10

Common Sense Security
Important Server, Enforcement

Slides 11-12

What is Zero Trust?

Slide 13

What is a Zero Trust Network?
No Pools of Trust
Internet Security Everywhere
All Flows Strongly Authenticated + Authorized

Slide 14

Zero Trust Networks
Primitive / Required, Advanced / Optional

Slide 15

Manifestation

Slides 16-19

Control Plane Services: User Inventory, Device Inventory, Config Mgmt, Authentication Services
Data Plane: Servers, Phones, Laptops

Slide 20

Examples

Slide 21

Server-Side

Slides 22-26

PagerDuty
Multiple Cloud Providers
Cross-WAN
Strong Authenticity + Privacy
Topology-Manager

Slides 27-31

Topology-Manager
Control Plane
Data Plane: Server (Agent, Contained Workload), Server (Agent, Contained Workload)
Enforcement

Slides 32-38

Topology-Manager
Data Plane
Control Plane: Provisioner, Device Inventory, User Inventory, Config Mgmt
Authorized User

Slides 39-41

Topology-Manager
No Trust In Network
Compute Can Be Bootstrapped Anywhere
All Flows Get Strong AuthN/AuthZ

Slides 42-44

Client-Side

Slides 45-48

Google
Large Network, Large Perimeter
Many Remote Employees
Perimeter + Remote Access Untenable
BeyondCorp

Slides 49-54

BeyondCorp
Control Plane
Data Plane: Corp. Client, Access Proxy, Backend, Backend, Backend
Enforcement

Slides 55-60

BeyondCorp
Data Plane
Control Plane: User Inventory, SSO, Device Inventory, Access Control Engine

Slides 61-64

BeyondCorp
No Trust In Network
Users Safely Roam Free
All Requests Get Strong AuthN/AuthZ

Slide 65

Mature Zero Trust

Slides 66-67

BeyondCorp
Data Plane
Control Plane: Access Control Engine, SSO, Device Inventory, User Inventory, Trust Engine

Slide 68

BeyondCorp
Control Plane
Data Plane: Access Proxy, Corp. Client, Backend, Backend, Backend
Score, Score

Slides 69-71

Mature Zero Trust
Trust Engine: User Data, Device Data, sFlow, Accounting
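Added example, not from the slides and not Google's BeyondCorp code: a toy control plane in the shape the BeyondCorp and Mature Zero Trust slides draw. The trust engine scores a user/device pair from user data, device data, sFlow-style flow records and accounting data; the access control engine then combines that score with SSO identity and device inventory membership to decide whether the access proxy may forward a request to a backend. All inventories, signals, weights and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed control-plane inventories and signals (hypothetical values).
USER_INVENTORY = {"alice": {"groups": {"eng"}, "mfa": True},
                  "bob":   {"groups": {"eng"}, "mfa": True}}
DEVICE_INVENTORY = {"lt-0042": {"owner": "alice", "managed": True,  "patched": True},
                    "byod-7":  {"owner": "alice", "managed": False, "patched": True},
                    "lt-0099": {"owner": "bob",   "managed": True,  "patched": True}}
# sFlow-style summary per device over the last hour (constructed).
SFLOW = {"lt-0042": {"bytes_out": 120_000, "dst_ports": 4},
         "lt-0099": {"bytes_out": 900_000, "dst_ports": 130}}
# Accounting: recent authentication outcomes per user (constructed).
ACCOUNTING = {"alice": {"recent_failures": 0, "countries_24h": 1},
              "bob":   {"recent_failures": 2, "countries_24h": 2}}
# Per-backend policy: required group and minimum trust score (constructed).
BACKEND_POLICY = {"wiki": ("eng", 50), "prod-admin": ("eng", 90)}

@dataclass
class Request:
    user: str      # identity asserted by SSO
    device: str    # device identity from the client certificate
    backend: str

def trust_score(user, device):
    """Trust engine: start at 100 and deduct for each weak or anomalous signal."""
    u, d = USER_INVENTORY.get(user), DEVICE_INVENTORY.get(device)
    if u is None or d is None or d["owner"] != user:
        return 0                              # unknown, or device not bound to this user
    score = 100
    score -= 0 if u["mfa"] else 30
    score -= 0 if d["managed"] else 40
    score -= 0 if d["patched"] else 20
    flow = SFLOW.get(device, {})
    if flow.get("dst_ports", 0) > 50 or flow.get("bytes_out", 0) > 5_000_000:
        score -= 30                           # port-sweep or bulk-transfer pattern in flow data
    acct = ACCOUNTING.get(user, {})
    score -= 10 * acct.get("recent_failures", 0)
    score -= 25 if acct.get("countries_24h", 1) > 1 else 0
    return max(score, 0)

def access_decision(req):
    """Access control engine: the access proxy forwards only on an explicit allow."""
    policy = BACKEND_POLICY.get(req.backend)
    if policy is None:
        return False, "unknown backend"
    group, minimum = policy
    if group not in USER_INVENTORY.get(req.user, {}).get("groups", set()):
        return False, "user not in group " + group
    score = trust_score(req.user, req.device)
    if score < minimum:
        return False, f"trust score {score} below {minimum}"
    return True, f"allow (score {score})"
```

The same user is allowed into the wiki from an unmanaged device but not into prod-admin, and a scanning device with a noisy login history is denied everywhere, which is the per-request scoring the Score labels on the proxy diagram stand for.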

Slides 72-73

UX is Important

Slides 74-76

Earth is Calling…

Slide 77

Evan Gilman @evan2645 Zero Trust Networks