Zero Trust Networks: Building Secure Systems in Untrusted Networks, 2nd Edition

  • 12h 5m 1s
  • Christina Morillo, Doug Barth, Evan Gilman, Razi Rais
  • Gildan Media
  • 2024

Perimeter defenses guarding your network aren't as secure as you might think. Hosts behind the firewall have no defenses of their own, so when a host in the "trusted" zone is breached, access to your data center is not far behind. This practical book introduces you to the zero trust model, a method that treats all hosts as if they're internet-facing, and considers the entire network to be compromised and hostile.

In this updated edition, the authors show you how zero trust lets you focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility. You'll learn the architecture of a zero trust network, including how to build one using currently available technology.

You'll also explore fundamental concepts of a zero trust network, including trust engine, policy engine, and context aware agents; discover how this model embeds security within the system's operation, rather than layering it on top; use existing technology to establish trust among the actors in a network; migrate from a perimeter-based network to a zero trust network in production; examine case studies that provide insights into various organizations' zero trust journeys; and learn about the various zero trust architectures, standards, and frameworks.

About the Author

Razi Rais is a cybersecurity leader with more than 20 years of expertise in building and running secure and resilient systems. He has been working with Microsoft for over a decade, holding positions such as software engineer, architect, and product manager. His current focus at Microsoft is on building cutting-edge cybersecurity products and services. Razi is also a lead author of several books, including Azure Confidential Computing and Zero Trust (O'Reilly), Microsoft Identity and Access Administrator (Microsoft Press), and Programming Microsoft's Clouds (Wrox Press). In addition to being an active member of the GIAC Advisory Board, he speaks frequently at international conferences like RSA and conducts workshops and training sessions on platforms such as O'Reilly and LinkedIn. You can contact him on LinkedIn (https://www.linkedin.com/in/razirais) or visit his website (https://razibinrais.com/).

Christina Morillo is an accomplished enterprise information security and technology leader with over two decades of practical experience building and leading comprehensive information security and technology programs. Her skill and expertise have landed her roles at organizations such as Microsoft and Morgan Stanley, and she currently leads information security for an NFL sports team. Christina's impact extends beyond her enterprise security work. She is a speaker and the author of 97 Things Every Information Security Professional Should Know and The Future of Security (both published by O'Reilly). Christina has also contributed to and been featured in a variety of industry publications. In addition, she serves as a Fellow and Advisor at New America for the #ShareTheMicInCyber Initiative, showcasing her commitment to the broader security community. For more on her professional journey and insights, visit https://bio.site/christinamorillo and https://www.christinamorillo.com.

Evan Gilman is the co-founder and CEO of SPIRL, the workload identity company. With roots in academia and a background in operations engineering and computer networks, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and author, Evan is passionate about designing systems that strike a balance with the networks they run on.

Doug Barth is a software engineer who loves to learn and shares his knowledge with others. In his over 20 years of professional experience, he has worked as both an infrastructure and product engineer at companies like SPIRL, Stripe, PagerDuty and Orbitz. He has built and spoken about monitoring systems, mesh networks, and failure injection practices.

In this Audiobook

  • Chapter 1 - Zero Trust Fundamentals
  • Chapter 2 - Managing Trust
  • Chapter 3 - Context-Aware Agents
  • Chapter 4 - Making Authorization Decisions
  • Chapter 5 - Trusting Devices
  • Chapter 6 - Trusting Identities
  • Chapter 7 - Trusting Applications
  • Chapter 8 - Trusting the Traffic
  • Chapter 9 - Realizing a Zero Trust Network
  • Chapter 10 - The Adversarial View
  • Chapter 11 - Zero Trust Architecture Standards, Frameworks, and Guidelines
  • Chapter 12 - Challenges and the Road Ahead
  • Appendix: A Brief Introduction to Network Models