Zero Trust Architecture

Today's organizations need a new security model that more effectively adapts to the complexity and risks of modern environments, embraces hybrid workplaces, and protects people, devices, apps, and data wherever they're located. Zero Trust is the first model with the potential to do all that. Zero Trust Architecture: Theory, Implementation, Maintenance, and Growth is the first comprehensive guide for architects, engineers, and other technical professionals who want to move from Zero Trust theory to implementation and successful ongoing operation.

A team of Cisco's leading experts and implementers offer the most comprehensive and substantive guide to Zero Trust, bringing clarity, vision, practical definitions, and real-world expertise to a space that's been overwhelmed with hype. The authors explain why Zero Trust identity-based models can enable greater flexibility, simpler operations, intuitive context in the implementation and management of least privilege security. Then, building on Cisco's own model, they systematically illuminate methodologies, supporting technologies, and integrations required on the journey to any Zero Trust identity-based model.

Through real world experiences and case study examples, you'll learn what questions to ask, how to start planning, what exists today, what solution components still must emerge and evolve, and how to drive value in the short-term as you execute on your journey towards Zero Trust.

現今的組織需要一個新的安全模型，以更有效地適應現代環境的複雜性和風險，擁抱混合工作場所，並保護人員、設備、應用程式和數據在任何位置的安全。零信任是第一個有潛力實現所有這些目標的模型。《零信任架構：理論、實施、維護和成長》是第一本針對架構師、工程師和其他技術專業人員的全面指南，他們希望從零信任理論轉向實施和成功運營。

Cisco的領先專家和實施者團隊提供了最全面、實質性的零信任指南，為這個被炒作過度的領域帶來了清晰度、視野、實用定義和實際經驗。作者們解釋了為什麼基於身份的零信任模型可以實現更大的靈活性、更簡單的操作，以及在最小特權安全的實施和管理中提供直觀的上下文。然後，基於Cisco自己的模型，他們系統地闡明了在任何基於身份的零信任模型之旅中所需的方法論、支援技術和整合。

通過真實世界的經驗和案例示例，您將學習到應該提出哪些問題，如何開始規劃，現有的解決方案組件，仍需出現和發展的解決方案組件，以及如何在短期內創造價值，並在實施零信任的過程中實現您的目標。

Cindy Green-Ortiz is a Cisco senior security architect, cybersecurity strategist, architect, and entrepreneur. She works in the Customer Experience, Global Enterprise Segment for Cisco. She holds the CISSP, CISM, CSSLP, CRISC, PMP, and CSM Certifications, along with two degrees--a BS-CIS Magna Cum Laude and AS-CIS with Honors. She has been with Cisco for 6+ years. Cindy has been in the cybersecurity field for 40 years, where she has held D-CIO, D-CISO, and Corporate Security Architecture Leadership roles, founding two technology businesses as CEO. Cindy is a Cisco Chairman's Club winner (Club Cisco). She is an active blogger for Cisco and has published whitepapers for Cisco and the US Department of Homeland Security. She has spoken to many groups, including PMI International Information Systems & Technology Symposium-Cybersecurity Keynote; Cisco SecCon, and Cisco Live. Cindy is President Emeritus and serves now as the treasurer of Charlotte InfraGard and cofounder of the InfraGard CyberCamp. Cindy lives in Charlotte, North Carolina, with her amazing husband, Erick, and their two wonderful daughters. Cindy and her family love to travel and see the world.

Brandon Fowler is a technical leader for Cisco Customer Experience Professional Services. He holds both CCNP Security and ITIL v4 foundation certifications. Brandon joined Cisco in 2018 with more than 12 years of experience across enterprise networking and security domains. For the past 8 years, his focus has been on identity, access management, and segmentation with expertise across multiple industry verticals, including retail and distribution, hospitality and entertainment, financial services, and healthcare. Additionally, he has helped to develop some of Cisco's current Zero Trust service offerings. Brandon also helps mentor and advise other employees within Cisco and enjoys being challenged and learning new technologies. In his personal time, he enjoys working on cars, photography, and video gaming.

David Houck is a security architect, mentor, and advocate. He has been working with Cisco Customer Experience since 2011. David leads delivery teams in implementing solutions globally to financial, energy, retail, healthcare, and manufacturing organizations that focus on identifying and meeting technical and business outcomes. He has presented on the value and implementation of Cisco solutions globally to customers, partners, and internal audiences. David has worked in networking and security since 2005, with experience in service provider voice, infrastructure, ISP operations, plus data center design and operation before coming to Cisco to focus on security solutions and architecture. He enjoys mentoring to provide experiences and opportunities to see others flourish.

Hank Hensel is a senior security architect working for Cisco's CX Security Services providing security consultation, assessment, and design advisory services to Cisco's US and international customers. Hank has worked more than 30 years (7 years at Cisco) in leadership positions in IT systems, cybersecurity, design, and integration. Hank's areas of expertise include security and infrastructure, project management, disaster recovery, business continuity, risk analysis and mitigation, data mapping, data classification, and cybersecurity infrastructure design. Hank has displayed his expertise and leadership in several different industries, including international banking and finance, healthcare, pharmaceutical, energy, renewable energy, oil and gas, passenger and transit rail, manufacturing, mining, wet infrastructure, chemical, nuclear enrichment, public sector

defense, municipality and state infrastructure, and law enforcement. Hank's expertise and extensive training in networking, security, and strong focus with industrial control systems allow him to engage in nearly all areas of a customer's operations, policies, and practices. Hank holds CCIE (# 3577), CISSP, GICSP, and CMMC-RP, and other certifications. Hank practices Cisco's core values in all customer engagements, which have directly contributed to his consistent project successes in every engagement he has been involved in. Hank's success can be attributed to these values and their consistent culmination by being recognized as a "Trusted Advisor" in nearly every engagement he has been a part of for Cisco. Hank's role of trust and deep experience extend beyond customer relationships to new service offerings development and Cisco team support. Hank was the original developer of the current CX advisory segmentation service offering that has been in use for the last seven years and has contributed to the development of the new CX advisory Zero Trust service offering. Finally, Hank is currently contributing to building a consulting service offering for the renewables energy sector.

Patrick Lloyd is a senior solutions architect for Cisco's Customer Experience Security Services team. He focuses on identity and access management, including segmentation, network access control, identity

exchange, and identity integration in the Northeast United States and Canada region. Patrick has worked in technology delivery at Cisco for 13 years, ranging from stints in the technical assistance center (TAC), working as a routing and switching design engineer, security design engineer, and solutions architect. His focus is guiding customers through introducing visibility and identity exchange to minimize business risk and lateral attack vectors. Previously, Patrick worked in higher education and defense industries in system administration and operational roles. Patrick has extensive experience in integrating identity into various industries, including healthcare, manufacturing, finance, and defense. Utilizing Cisco technologies and the methodologies covered in this book to build a layered security model, Patrick has architected segmentation architectures, including smart building architectures, for more than 100 customers. Patrick's technology focuses span from TrustSec for segmentation, analyzing traffic flow with Cisco Secure Network Analytics/Stealthwatch for development of segmentation policies, implementing firewall and advanced malware protection, and securing critical building systems through policy and segmentation while maintaining availability. Patrick resides in Durham, North Carolina, where he teaches self-defense and is a student pilot when not consumed with technology.

Andrew McDonald is a Cisco network and security architect; he works in the Customer Experience, Security Advisory team for Cisco. He specializes in leading delivery teams creating network segmentation and Zero Trust designs and implementation plans. He has been with Cisco for more than 22 years, working as an escalation engineer, network consulting engineer, systems integration architect, and security architect. Andrew has worked with global customers in all industry verticals and at every level, from front-line support engineers to C-suite executives across multiple technical disciplines. Andrew has worked in the networking and communications industry for more than 40 years. In 1981, he started as a telecommunications technician for Digital Equipment Corporation, where he developed an entry level into a lifelong career.

Jason Frazier is a principal engineer with the Network Services group in Cisco IT. In his current role, Jason focuses on Zero Trust technologies, Cisco DNA, operational excellence, automation, and security. Jason

has deep knowledge of networking technologies, including programmability, enterprise network architecture, and identity. Jason joined Cisco in 1999. He is known throughout the company for his work ethic, passion, loyalty, and drive. Jason currently holds nine patents. For Cisco Live, he is a veteran speaker, hackathon coordinator, blogger, booth orchestrator, or anything called for. Jason is also the author of Cisco Press books.

Jason has been happily married to his wife, Christy, for 22 years. Their oldest son, Davis (16), is Jason's best friend. Jason is also wrapped around the finger of their daughter, Sidney (14). Most nonwork time is spent doing something with or for his kids. He likes to spend time on a bike, when possible. Jason and family like to travel when they can. As a computer engineering graduate of NC State University, Jason and his family enjoy Wolfpack sporting events as well.

Cindy Green-Ortiz是思科的高級安全架構師、網絡安全策略師、架構師和企業家。她在思科的客戶體驗、全球企業部門工作。她擁有CISSP、CISM、CSSLP、CRISC、PMP和CSM等證書，以及兩個學位——BS-CIS Magna Cum Laude和AS-CIS with Honors。她在思科工作了6年以上。Cindy在網絡安全領域已有40年的經驗，曾擔任D-CIO、D-CISO和企業安全架構領導職務，並擔任兩家科技公司的首席執行官。Cindy是思科主席俱樂部的獲獎者（Club Cisco）。她是思科的活躍博主，並為思科和美國國土安全部發表了白皮書。她曾向許多團體演講，包括PMI國際信息系統和技術研討會-網絡安全主題演講、思科SecCon和思科Live。Cindy是夏洛特InfraGard的前任主席，現任財務主管，也是InfraGard CyberCamp的共同創辦人。Cindy與她了不起的丈夫Erick和兩個美好的女兒一起居住在北卡羅來納州的夏洛特。Cindy和她的家人喜歡旅行，看世界。

Brandon Fowler是思科客戶體驗專業服務的技術領導者。他擁有CCNP Security和ITIL v4基礎證書。Brandon於2018年加入思科，擁有超過12年的企業網絡和安全領域經驗。在過去的8年中，他的重點是身份、訪問管理和分割，並在多個行業垂直領域（包括零售和分銷、酒店和娛樂、金融服務和醫療保健）具有專業知識。此外，他還幫助開發了一些思科目前的零信任服務。Brandon還幫助指導和建議思科內部的其他員工，並喜歡接受挑戰和學習新技術。在個人時間裡，他喜歡修車、攝影和電子遊戲。

David Houck是一位安全架構師、導師和倡導者。他自2011年以來一直在思科客戶體驗部門工作。David領導交付團隊在全球金融、能源、零售、醫療保健和製造組織中實施解決方案，重點是確定和滿足技術和業務目標。他曾向客戶、合作夥伴和內部觀眾全球展示了思科解決方案的價值和實施。David自2005年以來一直從事網絡和安全工作，擁有服務提供商語音、基礎設施、ISP運營以及數據中心設計和運營的經驗，然後加入思科專注於安全解決方案和架構。他喜歡指導他人，提供經驗和機會，讓他人茁壯成長。

Hank Hensel是思科CX安全服務的高級安全架構師，為思科的美國和國際客戶提供安全諮詢、評估和設計咨詢服務。Hank在IT系統、網絡安全、設計和集成等領域擔任領導職務已有30多年（在思科工作了7年）。Hank的專業領域包括安全和基礎設施、項目管理、災難恢復、業務連續性、風險分析和緩解、數據映射、數據分類和網絡安全基礎設施設計。Hank在國際銀行和金融、醫療保健、制藥、能源、可再生能源、石油和天然氣、乘客和過境鐵路、製造、礦業、濕基礎設施、化學、核濃縮、公共部門防務、市政和國家基礎設施以及執法等多個行業展示了他的專業知識和領導能力。Hank在網絡、安全和工業控制系統方面的專業知識和廣泛培訓使他能夠參與客戶的幾乎所有領域。