Issue link: https://insights.oneneck.com/i/1458399
CHAPTER 3 Delivering Consistent Security Using Zero Trust

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

Myth 2: Zero Trust is complex, costly, and time consuming.

Truth: Start by focusing on the most critical applications and data sets. Build your strategy around the four design concepts of Zero Trust:

• Define business outcomes
• Design from the inside out
• Determine who or what needs access
• Inspect and log all traffic

Myth 3: Zero Trust is all about identity.

Truth: Identity is only part of Zero Trust. Traffic that the asserted identity generates must be inspected for malicious content and unauthorized activity, and logged through Layer 7 (the Application Layer). Start with the users and data in your organization's protect surface, then extend across the network to the applications, assets, and services (DAAS: data, applications, assets, and services).

Myth 4: You can do Zero Trust at Layer 3 (the Network Layer).

Truth: Most attackers can easily bypass traditional network firewalls operating at Layers 3 and 4 (the Transport Layer) using port scans to identify vulnerable open ports or services. When you create policy at Layer 7, you have visibility throughout the entire stack, preventing attackers from moving across the internal network and accessing sensitive data or systems.
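
The difference between the Layer 3/4 view and the Layer 7 view described in Myths 3 and 4, as an added example that is not part of the original book: the same constructed flows are checked against an address-and-port rule and against a default-deny rule that also considers user, application, and inspection verdict, logging every decision. The rule format, user names, addresses, and application labels are all assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed traffic record: threat is the content-inspection verdict.
Flow = namedtuple("Flow", "src_ip dst_ip dst_port user app threat")

# Layer 3/4 rule: source network, destination address, destination port.
L34_RULES = [("10.1.0.0/16", "10.9.0.20", 443)]
# Layer 7 rule (hypothetical format): allowed users, application, asset, port.
L7_RULES = [({"alice", "bob"}, "hr-portal", "10.9.0.20", 443)]

def l34_allows(flow):
    src = ipaddress.ip_address(flow.src_ip)
    return any(src in ipaddress.ip_network(net) and flow.dst_ip == dst
               and flow.dst_port == port for net, dst, port in L34_RULES)

def l7_decide(flow, log):
    """Default deny; log every decision with identity and application."""
    verdict, reason = "deny", "no matching rule"
    for users, app, dst, port in L7_RULES:
        if (flow.dst_ip, flow.dst_port) != (dst, port):
            continue
        if flow.user not in users:
            reason = "user not authorized for this asset"
        elif flow.app != app:
            reason = "unexpected application on allowed port"
        elif flow.threat:
            reason = "malicious content from authorized identity"
        else:
            verdict, reason = "allow", "matched rule"
        break
    log.append((flow.user, flow.app, flow.dst_ip, flow.dst_port, verdict, reason))
    return verdict

FLOWS = [  # constructed samples
    Flow("10.1.4.7", "10.9.0.20", 443, "alice", "hr-portal", False),
    Flow("10.1.4.7", "10.9.0.20", 443, "alice", "ssh-tunnel", False),
    Flow("10.1.8.9", "10.9.0.20", 443, "mallory", "hr-portal", False),
    Flow("10.1.5.2", "10.9.0.20", 443, "bob", "hr-portal", True),
    Flow("10.1.4.7", "10.9.0.20", 22, "alice", "ssh", False),
]

def compare():
    log = []
    decisions = [(l34_allows(f), l7_decide(f, log)) for f in FLOWS]
    return decisions, log

if __name__ == "__main__":
    for entry in compare()[1]:
        print(entry)
```

Four of the five flows pass the Layer 3/4 rule because they share the same addresses and port; only the first passes the Layer 7 rule, and the log records why each of the others was denied.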