How Zero Trust Makes the Mission Simpler & Secure
Dug Song, Duo Security
© 2020 Cisco and/or its affiliates. All rights reserved.
2010
A Decade of Data Breaches
Source: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
RSA Breach & Impact
2011
2014
If an adversary has the credentials of a user on the network, then they can access data even if it's encrypted, just as the users on the network have to access data, and that did occur in this case. So encryption in this instance would not have protected this data.
2015
In the next 30 days we know there is a set of things we can do that will fairly dramatically improve our security profile... like two-factor authentication, patching, minimizing the number of system administrators that you have and so on.
Tony Scott’s 30-day Cyber Sprint
Google to Obama: Nation’s Cybersecurity Priorities
✓ Strong Authentication
✓ Up-to-Date Devices
✓ End-to-End Encryption
✓ Strong Authentication
✓ Up-to-Date Devices
✓ CDM & Monitoring
2016
People Technology Security
2013
2016
BeyondCorp (2014)
Connecting from a particular network must not determine which services you can access
Access to services is granted based on what we know about you and your device
All access to services must be authenticated, authorized, and encrypted

800-207: Zero Trust Architecture (2019)
All communication is secure regardless of network location
Access to resources is determined by policy, including the observable state of user identity and the requesting system, and may include other behavioral attributes
All data sources and computing services are considered resources
Access to individual enterprise resources is granted on a per-connection basis
User authentication is dynamic and strictly enforced before access is allowed
The enterprise ensures all owned and associated systems are in the most secure state possible and monitors systems to ensure that they remain in the most secure state possible

Zero Trust Architecture (2019)
Don’t trust the network, including the local network
Create a single strong user identity
Create a strong device identity
Know the health of your devices and services
Set policies according to value of the service or data
Know your architecture including users, devices, and services
Control access to your services and data
Choose services designed for zero trust
Authenticate everywhere
Focus your monitoring on devices and services
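
Added illustration, not part of the original slides: a small per-request policy decision that follows the tenets listed above. Network location is recorded but never used for trust, and the outcome depends on user identity, device identity and health, and the value of the service. All field names, tiers, thresholds and sample requests are hypothetical and constructed for this example.

```python
from __future__ import annotations
from dataclasses import dataclass

# Hypothetical tiers: requirements scale with the value of the service or data.
REQUIREMENTS = {
    "low":  {"mfa": False, "managed": False, "max_patch_age_days": 90},
    "high": {"mfa": True,  "managed": True,  "max_patch_age_days": 30},
}

@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool
    mfa_passed: bool
    device_id: str | None     # None means the device has no identity
    device_managed: bool
    patch_age_days: int
    source_network: str       # kept for audit only, never an input to trust
    service_tier: str

def decide(req: Request) -> tuple[bool, list[str]]:
    """Evaluate a single request; return (allow, list of denial reasons)."""
    policy = REQUIREMENTS.get(req.service_tier)
    if policy is None:
        return False, ["unknown service tier"]   # fail closed
    reasons = []
    if not req.authenticated:
        reasons.append("user not authenticated")
    if policy["mfa"] and not req.mfa_passed:
        reasons.append("MFA required")
    if req.device_id is None:
        reasons.append("no device identity")
    if policy["managed"] and not req.device_managed:
        reasons.append("unmanaged device")
    if req.patch_age_days > policy["max_patch_age_days"]:
        reasons.append("device out of date")
    return (not reasons), reasons

# Constructed samples: a healthy remote device and a stale device on the office LAN.
REMOTE_HEALTHY = Request("alice", True, True, "dev-01", True, 5,
                         "public-internet", "high")
ONSITE_STALE = Request("alice", True, False, "dev-02", True, 45,
                       "corp-lan", "high")

if __name__ == "__main__":
    for r in (REMOTE_HEALTHY, ONSITE_STALE):
        print(r.source_network, decide(r))
```

The remote request is allowed and the on-network request is denied, because being on the local network contributes nothing to the decision.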
Securing the enterprise
Workforce: User and device access
Workload: Application and workload access
Workplace: Network access
SaaS & Public cloud
Access happens everywhere – how do you get visibility
and ensure secure, trusted access?
Zero Trust for the Workforce: User and device access
What to do | How to do it
Verify users’ identities | Multifactor Authentication
Gain device visibility and establish trust | Endpoint health and management status
Enforce access policies for every app | Adaptive and role-based access controls
Zero Trust for the Workload: Application and workload access
What to do | How to do it
Gain visibility into what’s running and what’s critical | Identify workload dependencies
Contain breaches and minimize lateral movement | Application segmentation
Alert or block communication if policy is violated | Continuous monitoring & response to indicators of compromise
Zero Trust for the Workplace: Network access
What to do | How to do it
Discover and classify users, devices and apps on your network | Network authentication, profiling authorization
Grant the right level of network access based on user and device context | Network segmentation
Contain infected endpoints and restrict network access | Continuous monitoring and responding to threats
Workforce: Duo
Workload: Tetration
Workplace: SD-Access
Security ensured today and for the future with Zero Trust
Cisco is a leader in Zero Trust
The Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019
Tools And Technology: The Zero Trust Security Playbook
October 29, 2019
The Forrester Wave™ is copyrighted by Forrester Research, Inc.
Forrester and Forrester Wave are trademarks of Forrester Research, Inc.
The Forrester Wave is a graphical representation of Forrester's call on a
market and is plotted using a detailed spreadsheet with exposed scores,
weightings, and comments. Forrester does not endorse any vendor,
product, or service depicted in the Forrester Wave. Information is based
on best available resources. Opinions reflect judgment at the time and are
subject to change.