2021. What an interesting year. With the world turned upside down by a pandemic that seemingly had its sights set on...
comforte’s review of NonStop TBC2021 and an introduction to zero trust
The second all-virtual NonStop Technical Boot Camp took place in the first week of October. Three days packed with keynotes, presentations, panel discussions, and demos with about 1,000 attendees! A big Thank you goes to the Connect team and the HPE NonStop product management team, and anyone else who helped making this event successful!
Most of the sessions were pre-recorded, which helped to deliver a smooth conference experience. People are more used to online platforms by now like Whova and Zoom, which made it easier to navigate the many sessions and chat groups.
While we are all missing the face-to-face social interaction at the booth, the beer bust, and in presentations (the Whova exhibitor space cannot match the level of interaction), this was a well-run virtual event.
We learned about HPE’s GreenLake offering and how NonStop is playing part in this context today and in the near future providing NonStop metering to allow usage of NonStop workloads which is smaller than 100%.
The security track on the agenda was traditionally strong, and the discussion centred on access management, data protection and the concepts of zero trust and data-centric security.
The following paragraphs pick-up on the topic providing an introduction to zero trust.
Why Data Protection is the Keystone for Zero Trust
Zero Trust has a nice ring to it, in a firm and sort of non-compromising way. Not only does it sound serious, it sounds pretty final too. I mean, if you’re chastising somebody (like a wayward teenager) and say, “After this, I have zero trust in you, son!” Well, that sounds pretty firm and really definite. Sorry, son, you’re simply not getting the keys to the car, and that’s final.
If you’re in cybersecurity (or perhaps more generally in IT), then you’ve at least heard the phrase Zero Trust (or ZT). If you don’t delve into the specifics of it (reading the many white papers and position pieces on ZT), you might wonder whether the concept is more of an obstacle to the free flow of data within the enterprise. If we have zero trust across the network, doesn’t that mean we don’t share any data or services with anybody or anything? So much for the free flow of information…
Of course, that would be a ridiculous framework to implement, so you have to dig a little deeper than just the name to understand what Zero Trust is and why it might be a valuable framework to adopt, at least in part. Oh yeah, that’s what ZT is, by the way—it’s a suggested framework for a generic IT architecture that takes a different spin on the extension of privilege to entities trying to access data or services within your IT environment. But I think I’m getting ahead of myself, so let’s try to define it using the simplest concepts possible.
Zero Trust is at its heart a collection of IT security design principles attempting to reduce or eliminate the chances of the wrong entity (we’ll use the term “user” or “device” from now on) getting a hold of vital information or resources possessed by your organization. NIST, which is the National Institute of Standards and Technology in the US, has some great resources about ZT and provides some equally helpful definitions. According to NIST, ZT at its core removes any implicit trust or privilege, which might be granted to users or devices based on where those people/things are physically or on the network (NIST Special Publication 800-207).
CTA ‘continue reading about zero trust’