Kindervag Zero Trust Network Arch v2
[Diagram labels: Edge FW, IPS, Core, Email, WCF, WAF, VPN, DAM, DLP, DB ENC, WLAN, FW, GW, NAC, Access]
Re-Building the Secure Network
[Diagram: Segmentation Gateway (NGFW) built on a Packet Forwarding Engine, consolidating FW, IPS, AC, CRYPTO, AM, CF, WAF, NAC, Email, WCF, DAM, DLP, DB ENC, VPN and WLAN GW functions. Callouts: Very High Speed FW; Multiple 10G Interfaces; Builds Security into the Network DNA.]
Zero Trust Drives Future Network Design
MCAP – Micro Core and Perimeter
MCAP resources have similar functionality and share global policy attributes.
MCAPs are centrally managed to create a unified switching fabric.
Management = Backplane
[Diagram: User MCAP, WWW MCAP, MGMT server]
Zero Trust Drives Future Network Design
All traffic to and from each MCAP is inspected and logged.
[Diagram: User MCAP, WWW MCAP]
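To make the MCAP model concrete, here is a small Python simulation (added here; not code from the deck or from Forrester) of a segmentation gateway that applies one centrally managed policy to every flow between MCAPs, denies anything not explicitly allowed, and logs every decision. The MCAP names, ports and flows are constructed for the example.

```python
"""Toy model of a Zero Trust segmentation gateway between MCAPs.

Every flow between MCAPs crosses the gateway, is matched against a single
policy managed from the MGMT server (the "backplane"), is denied unless a
rule explicitly allows it, and is logged either way.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    src_mcap: str
    dst_mcap: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class SegmentationGateway:
    policy: Tuple[Rule, ...]                 # one global policy for all MCAPs
    log: List[str] = field(default_factory=list)

    def inspect(self, src_mcap: str, dst_mcap: str, dst_port: int, proto: str = "tcp") -> bool:
        """Return True if the flow is allowed. Default deny: no rule, no traffic."""
        allowed = any(
            r.src_mcap == src_mcap and r.dst_mcap == dst_mcap
            and r.dst_port == dst_port and r.proto == proto
            for r in self.policy
        )
        # "Inspect and log all traffic": record every decision, allowed or not
        self.log.append(f"{'ALLOW' if allowed else 'DENY'} {src_mcap}->{dst_mcap} {proto}/{dst_port}")
        return allowed


def build_gateway() -> SegmentationGateway:
    # Constructed policy: users reach the web tier over HTTPS, web tier reaches the DB tier
    policy = (
        Rule("User", "WWW", 443),
        Rule("WWW", "DB", 5432),
    )
    return SegmentationGateway(policy)


def run_sample_flows() -> List[str]:
    gw = build_gateway()
    gw.inspect("User", "WWW", 443)   # allowed by rule
    gw.inspect("User", "DB", 5432)   # denied: no user-to-DB rule exists
    gw.inspect("DB", "WWW", 443)     # denied: both sides are untrusted, no reverse rule
    gw.inspect("WWW", "DB", 5432)    # allowed by rule
    return gw.log
```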
Source: December 2010 “The Data Center Network Evolution: Five Reasons This Isn’t Your Dad’s Network”
A Traditional Hierarchical Network Will Evolve To A Flatter, Meshed Topology
Source: December 2010 “The Data Center Network Evolution: Five Reasons This Isn’t Your Dad’s Network”
Zero Trust Network Architecture is Fabric Friendly
Source: December 2010 “The Data Center Network Evolution: Five Reasons This Isn’t Your Dad’s Network”
Zero Trust Multi-Dimensionality
Zero Trust Data Identity: Treat data as if it’s living
Data identity (DID):
• Location
• Classification
• Type
Zero Trust Multi-Dimensionality
Zero Trust Data Identity: Treat data as if it’s living
[Diagram: identity dimensions Data, Network, Transport and Context Identity; contrasting “Trust But Verify” with “Verify and Never Trust”]
Summary
• Make the Network an Enforcement Point
• Zero Trust — “Verify and never trust!”
• Inspect and log all traffic.
• Design from the inside out.
• Design with compliance in mind.
• Embed security into network DNA.
Thank you
John Kindervag
+1 469.221.5372
jkindervag@forrester.com
Twitter: Kindervag
www.forrester.com