Event Recording
Dissecting Zero Trust, a real life example
After his presentation on Strategic and Tactical approaches for Zero Trust, in this presentation Fabrizio will breakdown the components of a Zero Trust implementation and highlight what a company needs to implement it. Fabrizio will also cover use-cases like legacy or cloud-based applications.
Log in and watch the full video!
Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.
I have an account
Log inRegister your account to start 30 days of free trial access
RegisterSubscribe to become a client
Choose a package
Hello everyone. I'm Fabrical, I'm the head of product, infrastructure security for scout. We have basically we, what we do is supply chain management team tion. And at the same time, I'm projection of zero from cook thousand 17. So in this presentation, we are going to see the major components of zero cross architecture. And the reason why the personal reason why I have, I, I want cook this presentation was because effectively every presentation I see about the coffee was just, there was no, no element. So I was like, okay, what can need to do to implement zero cross? So let's see. Okay. That's my introduction. So I, as inside the work scout, I'm a security advisor. I previously worked for bergs Exor startup symantech and that's my, your code for linking, if you want to add me. So the scenario, so you are going to Google cause your manager or your ask, okay.
We want to implement zero cross. I don't know what gig is. Sound school. Everyone is implementing G. So how to Google G you Google, Google, and you effectively have 3 million result. And you can see that even in, in, in the main sponsor area, every, every sponsor is saying zero cross, but effectively they tackle just one park of zero cross. They tackle, I know, point they tackle again, Kiki, but is not the full spectrum. So what is zero cross? So what are geek components of a zero cross architecture? I will say they are four. I mentioned Chris. So I forgot one. I apologize for that. So the first one is a again, Kiki, for sure.
And we will call, click on, in a panel about agen Kiki, but GE components for car. So there is a policy decision point. Policy decision point is not something that you can buy is definitely is not something that you can buy off the shelf. It's something that you have to build. And because you have to build this because it is a mix of systems. So there is your banking, access management solution. There is your theme. There is your store. So there is your components that basically you have to do and focus. And what does is effectively is set up the policy of your architecture. What is a policy we will see in just few seconds. So gang, you have the policy enforcement points, the policy Forman points are effectively. What are enforcing the policy that you have the best news is that you are already having in your, in your infrastructure. You already have. Cause is your simply just the firewall is simply just your employ management is your Palm is your LP. So you already have that. You gonna need to buy. Of course, there are some evaluation to do so we can call clicker. Because for example, if you have a simple firewall get is just doing the classic socket. So distinguish sh Porwal and protocol. That's not going to work. So if you have an API integration with a, with a firewall, yeah, that maybe is, is the one that you're looking for.
And finally, the over components is a policy policy simply saying who access to what or who access, not access to what? So, why I am an architect? Why have financial is, is not effectively. It's not what I'm doing. So in the policy, it should basically keep your, again, in mind, it should keep the, that you're going to design the policy and it should keep, should keep in mind also that you need to access. So let's showing ion flow. I will skip that, but it's basically, it's the flow that you are going to get, you're going to implement. So that's the policy evaluation let's keep. So let's put together the components that we see, and basically what you have is a zero cross design. That's actually what was missing for most of the presentation. So you have here, the external system, you have your policy enforcement point.
You have your policy decision point that is on the top. And you see integrated with your access management, with your PKA, with your mobile device management, with team. And so, so deck is effectively what you want to do in your, in your enterprise, how to go get well, gets effectively. It depends by you cause there is no standard solution and the solution is okay. Care of the, of your processes. Cause for example, I'm implementing zero cross right now in my company. And one of the things that we have gone first is fixing the, again, Kiki and again, from fixing the gang Kiki, we are going to design our zero cross solution. So if you don't cross me and can happen, we are talking about zero cross gets Microsoft. I knock up M FBO, definitely, but gets official one. And, and basically they do the same.
So you have your ization point. You, you have your, again, Kiki, you have your own enforcement points probably was a little bit too happy with the mouse, but, but it's okay. So effectively, that's what you want to implement. Now I'm working. I work in scout B as a startup is based on AWS. So it's, it's, it's very easy to talk about zero cross. When you're talking about the cloud, what about the legacy? It seems effect I work for six more years in, eh, in financial services for gala actually is you have quantify is the key for cross transformation. And once quantify, you have unique web strategy for dealing with act. You can replace it. It's not always possible. You can upgrade it never possible, but you can put network, you can use network micro segmentation. You can use where firewall you can encapsulate and you can go a mix of GBO.
I will give you quick example on act because we want to have a practical session here. So for when I was working Zurich, we have basically, we had some machines, some miracle machines that was impossible to cop Greg. They were based on windows. XP was out of license and we can hook up Greg cause gig van went bankrupt and I'm pretty sure you had some similar situation. What we have done is we leverage gain a solution of GE hypervisor could create and, and could create an micro segmentation. Another example was in a hospital, GA GI, I don't remember probably was few million pound microscope and had windows been front Sok was suggesting, okay, I will pay for gap upgrade, but effectively was impossible. So what was the solution? Simply a qu Euro and where firewall. So going over king, but you have, Colan carefully forget.
You have, Colan carefully how you want to manage your legacy. Another example. Okay. That's a big example. So you have your application with a king client, you have a legacy application and an application protocol get communicates. Hopefully it's encrypted. Most of the time is not cause it's a legacy software. That's a new leg, gets a new a new way. So you basically have, you have encrypting a tunnel. You have your policy enforcement point and you have your, your IDP that is working on ation. That's how you can, is one of the possibility to deal with legacy. So I want cookie shark. Cause last time I'm Italian and I call Klock one cookie shark for now and also give you the possibility to have some answers. But in the conclusion, I want to say that there are lot of ways and tools to eager open source or, or pay your company. Your company can use for zero cost. I don't know. I'm a big fan of Kanu, but not the company they have. They have a possibility Google get, and you have O query that is basically doing the same is allowing you to, to query your endpoint. And it's free. It's open source. It's free, supported by, by Facebook and the open source foundation. So Netflix is using or what's using backing time.
But again, zero cross is not a product that you can buy off the shelf. It's not a product that is not an, it only, project's a little bit more complex debt. So I used to say that zero cross is a journey and it's not going to be easy. So Google we beyond Corp took seven years to implement it. I know more companies are doing and cake sometimes. So my suggestion is start small, go POC, Google lab, Google department, if you are multi-cloud you can use some, you can use the code from Hashi. For example, if you have something on premise, use that and try to implement it. Start with a long term business driven strategy. And cause technology is only supporting your processes. Technology is, is not the way you have Google zero cross. Otherwise you can go from one vendor upstairs and ask about the cross solution.
But as I said is not, it's not inclusive, cause it will just tackle one component. So start with a long term business living strategy. Cause effectively what you want to do is to improve the, the user experience of your employee. You want to improve the user experience of your contract works cause it will be. And we, and for user workload repairing place, unless your Cisco and I was speak with Cisco and GOK sounds good. Doesn't work. Think beyond security, focus on business enablers. We just spoke about debt, enterprise mobility, for example, and with pandemic COGA deck, you won't work everywhere. You can. And always of the VPNing is not way zero cost. Think about compliance. I can I, your K assets. I can. I biggest risk in one step and try to use as much as you can. Everything that you have and we get, I can, I'm done. So if you have any questions, feel free, go stop by.
We want to implement zero cross. I don't know what gig is. Sound school. Everyone is implementing G. So how to Google G you Google, Google, and you effectively have 3 million result. And you can see that even in, in, in the main sponsor area, every, every sponsor is saying zero cross, but effectively they tackle just one park of zero cross. They tackle, I know, point they tackle again, Kiki, but is not the full spectrum. So what is zero cross? So what are geek components of a zero cross architecture? I will say they are four. I mentioned Chris. So I forgot one. I apologize for that. So the first one is a again, Kiki, for sure.
And we will call, click on, in a panel about agen Kiki, but GE components for car. So there is a policy decision point. Policy decision point is not something that you can buy is definitely is not something that you can buy off the shelf. It's something that you have to build. And because you have to build this because it is a mix of systems. So there is your banking, access management solution. There is your theme. There is your store. So there is your components that basically you have to do and focus. And what does is effectively is set up the policy of your architecture. What is a policy we will see in just few seconds. So gang, you have the policy enforcement points, the policy Forman points are effectively. What are enforcing the policy that you have the best news is that you are already having in your, in your infrastructure. You already have. Cause is your simply just the firewall is simply just your employ management is your Palm is your LP. So you already have that. You gonna need to buy. Of course, there are some evaluation to do so we can call clicker. Because for example, if you have a simple firewall get is just doing the classic socket. So distinguish sh Porwal and protocol. That's not going to work. So if you have an API integration with a, with a firewall, yeah, that maybe is, is the one that you're looking for.
And finally, the over components is a policy policy simply saying who access to what or who access, not access to what? So, why I am an architect? Why have financial is, is not effectively. It's not what I'm doing. So in the policy, it should basically keep your, again, in mind, it should keep the, that you're going to design the policy and it should keep, should keep in mind also that you need to access. So let's showing ion flow. I will skip that, but it's basically, it's the flow that you are going to get, you're going to implement. So that's the policy evaluation let's keep. So let's put together the components that we see, and basically what you have is a zero cross design. That's actually what was missing for most of the presentation. So you have here, the external system, you have your policy enforcement point.
You have your policy decision point that is on the top. And you see integrated with your access management, with your PKA, with your mobile device management, with team. And so, so deck is effectively what you want to do in your, in your enterprise, how to go get well, gets effectively. It depends by you cause there is no standard solution and the solution is okay. Care of the, of your processes. Cause for example, I'm implementing zero cross right now in my company. And one of the things that we have gone first is fixing the, again, Kiki and again, from fixing the gang Kiki, we are going to design our zero cross solution. So if you don't cross me and can happen, we are talking about zero cross gets Microsoft. I knock up M FBO, definitely, but gets official one. And, and basically they do the same.
So you have your ization point. You, you have your, again, Kiki, you have your own enforcement points probably was a little bit too happy with the mouse, but, but it's okay. So effectively, that's what you want to implement. Now I'm working. I work in scout B as a startup is based on AWS. So it's, it's, it's very easy to talk about zero cross. When you're talking about the cloud, what about the legacy? It seems effect I work for six more years in, eh, in financial services for gala actually is you have quantify is the key for cross transformation. And once quantify, you have unique web strategy for dealing with act. You can replace it. It's not always possible. You can upgrade it never possible, but you can put network, you can use network micro segmentation. You can use where firewall you can encapsulate and you can go a mix of GBO.
I will give you quick example on act because we want to have a practical session here. So for when I was working Zurich, we have basically, we had some machines, some miracle machines that was impossible to cop Greg. They were based on windows. XP was out of license and we can hook up Greg cause gig van went bankrupt and I'm pretty sure you had some similar situation. What we have done is we leverage gain a solution of GE hypervisor could create and, and could create an micro segmentation. Another example was in a hospital, GA GI, I don't remember probably was few million pound microscope and had windows been front Sok was suggesting, okay, I will pay for gap upgrade, but effectively was impossible. So what was the solution? Simply a qu Euro and where firewall. So going over king, but you have, Colan carefully forget.
You have, Colan carefully how you want to manage your legacy. Another example. Okay. That's a big example. So you have your application with a king client, you have a legacy application and an application protocol get communicates. Hopefully it's encrypted. Most of the time is not cause it's a legacy software. That's a new leg, gets a new a new way. So you basically have, you have encrypting a tunnel. You have your policy enforcement point and you have your, your IDP that is working on ation. That's how you can, is one of the possibility to deal with legacy. So I want cookie shark. Cause last time I'm Italian and I call Klock one cookie shark for now and also give you the possibility to have some answers. But in the conclusion, I want to say that there are lot of ways and tools to eager open source or, or pay your company. Your company can use for zero cost. I don't know. I'm a big fan of Kanu, but not the company they have. They have a possibility Google get, and you have O query that is basically doing the same is allowing you to, to query your endpoint. And it's free. It's open source. It's free, supported by, by Facebook and the open source foundation. So Netflix is using or what's using backing time.
But again, zero cross is not a product that you can buy off the shelf. It's not a product that is not an, it only, project's a little bit more complex debt. So I used to say that zero cross is a journey and it's not going to be easy. So Google we beyond Corp took seven years to implement it. I know more companies are doing and cake sometimes. So my suggestion is start small, go POC, Google lab, Google department, if you are multi-cloud you can use some, you can use the code from Hashi. For example, if you have something on premise, use that and try to implement it. Start with a long term business driven strategy. And cause technology is only supporting your processes. Technology is, is not the way you have Google zero cross. Otherwise you can go from one vendor upstairs and ask about the cross solution.
But as I said is not, it's not inclusive, cause it will just tackle one component. So start with a long term business living strategy. Cause effectively what you want to do is to improve the, the user experience of your employee. You want to improve the user experience of your contract works cause it will be. And we, and for user workload repairing place, unless your Cisco and I was speak with Cisco and GOK sounds good. Doesn't work. Think beyond security, focus on business enablers. We just spoke about debt, enterprise mobility, for example, and with pandemic COGA deck, you won't work everywhere. You can. And always of the VPNing is not way zero cost. Think about compliance. I can I, your K assets. I can. I biggest risk in one step and try to use as much as you can. Everything that you have and we get, I can, I'm done. So if you have any questions, feel free, go stop by.
Stay Connected
Related Videos
How can we help you