Project Zero Trust

Author: George Finney
Publisher: Wiley
Pages: 224
ISBN: 978-1119884842
Print: 1119884845
Kindle: B0B99BJF2V
Audience: General
Rating: 4.5
Reviewer: Kay Ewbank

What's the best way to learn about how to build a zero trust environment? This book takes the route of telling a story about how an organization is attacked and fights back.

This book is written as a novel, or at least a set of interconnected stories, rather than a how to guide. The hero of the book is Dylan, a new IT Director at a company that experiences a ransomware attack on his first day.

 

Banner

Zero trust, the elimination of trust from digital systems, has gained ground over recent years. It sets out the idea that anybody who has access to an organization's network, whether from inside or outside, has to be authenticated and authorized, and be validated on an ongoing basis before they can gain access to any applications or data. The definition of the network is anywhere, locally or in the cloud, with resources and workers anywhere. 

zerotrust

The book opens with a foreword by the inventor of zero trust, John Kindervag. The novel then kicks off with a chapter on the case for zero trust. In this initial chapter, Dylan gets up, goes on his treadmill at 5am, but is alerted to a cyberattack at his new company, and the rest of the chapter describes his first day dealing with it. As with the rest of the book, the chapter ends with a section on the key takeaways (presumably in case you're too engrossed to notice the science bits.)

The next chapter looks at how to have zero trust as a strategy, with key takeaways of the principles of zero trust, the design methodology and the implementation curve. 

A chapter on trust being a vulnerability comes next, and opens with Dylan managing to walk his way through the physical office without being challenged by looking confident and being on his phone apparently on a call, and a discussion of how easy it would be to circumvent ID badges for opening doors anyway.

A chapter on 'the crown jewels' in the form of the ERP system and its data comes next, followed by 'the identity cornerstone' where the identity and access settings for the employees and clients are under scrutiny.

The next couple of chapters look at applying zero trust principles to devops, SOCs, and cloud storage and access.

The book ends with chapters on how to have a sustainable zero trust culture, and how every step matters and how to improve once you've got a zero trust strategy up and running. There are also a few useful appendices giving links and tables of useful info.

Overall, this format worked well as a backbone for getting across the zero security message. The book is well written and the story parts don't come across as irritating or cheesy. If you need to get someone non-techie to understand the concept, this would be a good choice.

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Coding All-In-One For Dummies

Author: Chris Minnick
Publisher: For Dummies
Pages: 912
ISBN: 978-1119889564
Print: 1119889561
Kindle: B0B5BBNW9L
Audience: People wanting to learn to code in JavaScript, Flutter and Python
Rating: 3.5
Reviewer: Kay Ewbank

This book is described as offering an ideal starting place for learning th [ ... ]



Python Programming with Design Patterns

Author: James W. Cooper
Publisher: Addison-Wesley
Date: February 2022
Pages: 352
ISBN: 978-0137579938
Print: 0137579934
Kindle: B09D2RKQB5
Audience: Python developers
Rating: 1
Reviewer: Mike James
There was a time that design patterns were all the thing. Not so much now. But Python - does it have [ ... ]


More Reviews

Last Updated ( Tuesday, 20 December 2022 )