website/blog: Blog about zero trust and wireguard #7567
One typo must be fixed. Other than that, a few grammatical / flow suggestions.
> But this can be risky. For better or worse, good ideas inevitably get branded, and if you want to keep up, you need to see past the branding – even if it involves stripping away the marketing fluff to see the nugget of an idea within.
>
> There’s no better example of this than zero trust. In this post, we’ll briefly explore the term's history, explain how it became such an untrustworthy buzzword, and argue that thanks to a few advancements (mainly Wireguard), zero trust will soon go from buzzword to reality.
Suggestion: s/of this/of a good idea buried under buzzword bingo/. (Or something similar)
I'm not a huge fan of pronouns with weak antecedents. :-)
> If your company has an office, that means a breach can start when people access the network, and if your company is virtual, that means a breach can open as soon as people start logging into things they shouldn’t.
>
> The zero trust model instead eliminates implicit trust and, as the name implies, trust altogether. The framework is “zero trust” because it considers trust a vulnerability. In zero trust, all users are authenticated, authorized, and continuously validated before gaining or maintaining access to systems, applications, and data.
Suggestion: This reads awkwardly, like there's a cry for parallelism here that can't be made. Maybe just "As the name implies, the zero trust model eliminates trust altogether."
> When the zero trust model emerged, it had clear advantages, and many security experts agreed on its value. But practical realities meant that many organizations couldn’t adopt it.
>
> At the time, when many enterprises were still shiftingware software to the cloud and before remote work became truly normal, many organizations thought perimeter-based security worked well enough. Leaders could read a Forrester paper on zero trust, find it interesting, and agree in theory but not feel compelled to rebuild their entire security system.
Typo: "shiftingware." Software for Werewolves?
> Security concerns already suffer from a “But it won’t happen to me” effect, and the prospect of making a huge investment for the sake of an abstract benefit (the ROI of _not_ getting a breach, maybe) was hard to calculate.
>
> Vendors didn’t make these calculations easier. When it debuted, zero trust was more an abstract idea than a practical methodology, and security vendors did little to clarify things. Most vendors were not ready for zero trust at all, and even those that claimed to be couldn’t integrate and interoperate well because the ecosystem wasn’t mature yet.
Suggestion: I know there's an emphasis on keeping blog entries short, but maybe make the point that organized attackers often corrupt armies of unprotected computers to create massive automated 'bot farms on which they run brute force attacks, scripts, and now ChatGPT to make breaking into companies cheap and easy.
I like this... a very valid point... am trying to figure out where to fit it in, and how much time that will take, haha.
> In the decade after the “zero trust” concept was popularized, adoption proved so difficult that the term began to resemble a nearly meaningless buzzword.
>
> Until NIST defined the term better in their above-mentioned Zero Trust Architecture article in 2020, there was no clear definition. Without clarity, it was hard for any developer, security engineer, or business leader to invalidate whether any vendor offered a true zero-trust solution. (And that’s not even considering whether one solution could claim to offer zero trust at all).
Suggestion: "invalidate" requires a mental headshake to understand; "It was hard for any developer, security engineer, or business leader to verify a vendor's claim that their solution was truly zero-trust."
Nice, thank you.
> Given the hype and the lack of clarity, many vendors, marketers, and “thought leaders” pushed zero-trust products that were, at best, partial solutions. This push created a lot of cynicism amongst developers and security engineers.
>
> As Den Jones, CSO at Banyan Security, [writes](https://www.linkedin.com/pulse/little-reflection-zero-trust-hype-den-jones/?trk=pulse-article_more-articles_related-content-card), “the level of marketing BS,” including frameworks, papers, and more, became overwhelming: “My concern now is that there’s an overwhelming amount of information related to zero trust, so much so that people struggle to decipher it into something meaningful, something that actually solves their problems.”
Typo? "and more become overwhelming..." I don't think the comma is needed there.
Not sure where in the current content you are referring to?
> ![graph of Google Trends](./zero-trust-1.png)
>
> Google Trends shows that the search volume for zero trust increased way after the term originated but before the methodology really became practical. And now, search volume is flagging just as the full zero trust model becomes realistic.
Suggestion: s/way after/long after/;
Draft for review