The idea of trust in the technical landscape is rapidly changing with cloud infrastructure and increased reliance on interdependent applications, causing system designers to re-evaluate how they approach security. In the past, networks were often secured with the idea of a “walled garden”: a secure perimeter around your technical assets, with different levels and segmentation between certain zones. This exposed the all-or-nothing trust system embedded in these networks: once users were past the perimeter, they were fully trusted. Today, organizations are moving towards having their business operations hosted in the cloud, often combining multiple providers and products. Creating a wall around your internal systems in this new landscape is impossible. Zero Trust Networks are a response both to the previous approaches to security and to this changing landscape. By constantly monitoring, scoring and constraining users' actions, Zero Trust Networks disregard any implicit trustworthiness of individuals, focusing instead on predefined metrics of trust.
Our project was built on some of the fundamental concepts of Zero Trust. The information available online is sparse, with little actual detail on what tools to use or detailed roadmaps for creating a Zero Trust Network. We decided to build a small Zero Trust environment that would mimic the authentication and authorization measures that could be employed in a small enterprise environment. Most of the tools used are open source, and a few components of our network required building our own programs.