Skip to main content
SpringerLink
Log in

The Emergence of Post Covid-19 Zero Trust Security Architectures

  • Chapter
  • First Online:
Information Security Technologies for Controlling Pandemics

Abstract

With a significant move to home working during the pandemic zero trust concepts have gained greater acceptance, and there was significant hype about the Zero Trust attributes of many security products. Indeed, every security company now claims to embrace Zero Trust. Many do so without stating which of their products or services contribute to a Zero Trust framework. This hype has raised awareness of the security issues associated with remote working, which obviously is a very positive acknowledgement that current security frameworks need to be improved to embrace the fast-growing use of technologies such as video conferencing, screen sharing and even Cloud identity management systems.

Behind the scenes there has been significant developments:

In February 2020 Weever and Andreou [3] published Zero Trust Network Security Model in containerized environments and examined containerised communications and Zero Trust implementations in depth, and how in software defined networks micro segmentation protects is managed by a network policy engine that can use a security sidecar module to shut down a network segment in the event of an attack being identified.

In February and March 2020 two draft articles were published Implementing a Zero Trust Architecture and a NIST draft of a Zero Trust framework with a Policy Engine making policy decisions based on monitoring and threat intelligence. These draft documents show how NIST is distilling the theory into a standard architecture for Zero Trust implementations. This is a milestone in the Zero Trust story as this will lead to a common approach that will allow corporations to be able to align their strategies with a recognised Zero Trust framework.

In April Malhotra [9] made the argument how the USA should take the Lead in Data Protection by using Zero Trust Architectures and Penetration Testing. This is an interesting argument as with a blurred network perimeter, the penetration tester no longer has a single point of entry to the network to test an organisation and a Penetration Testers job nowadays is more to do with testing an organisations resilience to phishing emails and social engineering than trying to exploit communication port vulnerabilities that might exist on external IP addresses at perimeter firewalls.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Blokdyk G (2020) Zero trust network a complete guide – 2020 Edition published by 5starcooks

    Google Scholar 

  2. Conway A (2020) New data from microsoft shows how the pandemic is accelerating the digital transformation of cyber-security. https://www.microsoft.com/security/blog/2020/08/19/microsoft-shows-pandemic-accelerating-transformation-cyber-security/. Accessed 20 Aug 2020

  3. de Weever C, Andreou M (2020) Zero trust network security model in containerized environments. https://delaat.net/rp/2019-2020/p01/report.pdf. Accessed 12 May 2020

  4. Edwards C (2020) Border control: cyber security when your staff are at home. hyttps://eandt.theiet.org/content/articles/2020/05/border-control/. Accessed 20 may 2020

    Google Scholar 

  5. Gillibrand K (2020) Beyond data protection to command and control (C2) sustainability in a post-COVID19 world. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3581454). Accessed 24 May 2020

  6. Gilman E, Barth D (2017) Zero trust networks. O’Reilly C.A. USA

    Google Scholar 

  7. Hammett J (2014) Bro script to detect plain test passwords. https://bro.bro-ids.narkive.com/J4Tq9PBC/bro-script-to-detect-plain-text-passwords. Accessed 10 Aug 2020

  8. Kerman A, Borchert O, Rose S (2020) Implementing a zero trust architecture. https://csrc.nist.gov/publications/detail/white-paper/2020/03/17/implementing-a-zero-trust-architecture/draft. Accessed 24 May 2020

  9. Malhotra Y (2020) Beyond data protection to command and control (C2) sustainability in a post-COVID19 world. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3581454. Accessed 12 May 2020

  10. Mehraj S, Banday T (2020) Establishing a zero trust strategy in cloud computing environment. https://ieeexplore.ieee.org/document/9104214/figures#figures. Accessed 23 June 2020

  11. NCSC Peter R (2020) Zero trust principles – beta release. https://www.ncsc.gov.uk/blog-post/zero-trust-principles-beta-release. Accessed 1 Jan 2021

  12. NIST-2 (2020) Why traditional network perimeter security no longer protects. https://www.nccoe.nist.gov/news/why-traditional-network-perimeter-security-no-longer-protects. Accessed 8 Aug 2020

  13. Rose S, Borchert O, Mitchel S, Connelly S (2020) NIST special publication 800–207 zero trust architecture. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf. Accessed 23 Aug 2020

  14. Slater J (2020) Microsoft’s failures to renew: teams, hotmail, and hotmail.co.uk. https://arstechnica.com/gadgets/2020/02/yesterdays-multi-hour-teams-outage-was-due-to-an-expired-ssl-certificate/. Accessed 4 April 2020

  15. Slattery (2018) Examining emerging network protocols. https://www.nojitter.com/examining-emerging-network-protocols. Accessed 12 July 2020

  16. Strickland J (2020) The weak link in video conferencing tools – passwords. https://ceo-insight.com/cyber-security/the-weak-link-in-video-conferencing-tools-passwords/. Accessed 12 July 2020

  17. Zaheer Z, Chang H, Mukherjee S, Van der Merwe J (2020) eZTrust:network-independent zero-trust perimeterization for microservices. https://doi.org/10.1145/3314148.3314349. Accessed 26 June 2020

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. St. Peter, Jersey

    David Haddon

  2. London, UK

    Philip Bennett

Authors
  1. David Haddon
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Philip Bennett
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to David Haddon .

Editor information

Editors and Affiliations

  1. Northumbria University London, London, UK

    Hamid Jahankhani

  2. Cyfortis, Worcester Park, Surrey, UK

    Stefan Kendzierskyj

  3. CENTRIC, Sheffield Hallam University, Sheffield, UK

    Babak Akhgar

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Haddon, D., Bennett, P. (2021). The Emergence of Post Covid-19 Zero Trust Security Architectures. In: Jahankhani, H., Kendzierskyj, S., Akhgar, B. (eds) Information Security Technologies for Controlling Pandemics. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-72120-6_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-72120-6_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-72119-0

  • Online ISBN: 978-3-030-72120-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation