The document outlines a zero trust adoption journey for organizations, focusing on secure access to applications and data in both public and private cloud environments. It emphasizes the implementation of zero trust networks with features like micro-segmentation, mutual TLS, and end-to-end encryption to enhance security against cyber threats. The stages of adoption include securing internal applications, enabling secure B2B communications, and incorporating zero trust application access methods such as SDKs and connectors.

1. NetFoundry – Zero Trust Customer Adoption Journey

2. Public cloud
Data base
Serverless
API GW / API
APP Server
Kubernetes
Data Streaming
Private cloud
Data base
Serverless
API GW / API
APP Server
Kubernetes
Data Streaming
Operations Mgmt-Engineers on
any device
Stage 1
IOT Endpoints
Traditional
or
Modern
Apps
On-prem Facilities/-Edge App Stack/
Application access/ Soln management
Ziti Fabric
Edge Router
Network Controller
Ziti Tunnel
Fabric Router
Ziti SDK
Mobile Endpoint
BrowZer for Web Apps
App Users on Desktop & Mobile
Your private zero trust mesh

3. • Implement Zero Trust Access for apps hosted by the organization in public / private clouds for employee access
• Move multi-cloud networks to zero trust access including estates such as branch offices, factories etc
• Use a choice of endpoint based and browser based zero trust to accelerate implementation
• If edge / IOT is critical for the organization, move them to zero trust networks
You would achieve
1. Dark networks - Close all inbound ports across all your perimeters for private apps – reduce the scope of attacks
originated from the internet
2. Micro segmentation aka least privilege access for resources and apps in the network
3. mTLS based two way trust based on x.509 certs
4. E2E encryption via poly 1305 cha cha 20
5. Visibility and control of all traffic via the private ZT network
Stage 1

4. Data base
Serverless
API GW / API
APP Server
Kubernetes
Data Streaming
Data base
Serverless
API GW / API
APP Server
Kubernetes
Data Streaming
Data base
Serverless
API GW / API
APP Server
Kubernetes
Data Streaming
Traditional
or
Modern
Apps
Public cloud
Private cloud
Partner or Customer Private/ Public cloud
B2B users / apps / devices
Operations Mgmt-Engineers on
any device
IOT Endpoints
Stage 2
BrowZer for Web Apps
Ziti Fabric
Edge Router
Network Controller
Ziti Tunnel
Fabric Router
Ziti SDK
Mobile Endpoint
B2B
On-prem Facilities/-Edge App Stack/
Application access/ Soln management
App Users on Desktop & Mobile
Your private zero trust mesh

5. • Implement Zero Trust Access for connecting to partner and customer DC / cloud – example secure API access, data streaming
etc. You are not secure unless you closed all vulnerable points.
• Bring in B2B users , apps and workloads under zero trust access – apps and resources that you host
• Use a choice of endpoint based and browser based zero trust to accelerate implementation for users outside your organization
• Get managed service providers offering services to your organization to access resources via zero trust networks
You would achieve
1. ZT networks for your data / apps used by 3rd party users or apps or devices
2. ZT for secure B2B communication between apps
3. Close all holes for private network access from the internet
4. A clear ZT micro segmented network for internal / external apps / data and users that is under your security controls
Stage 2

6. Data base
Serverless
API GW / API
APP Server
Kubernetes
Data Streaming
Data base
Serverless
API GW / API
APP Server
Kubernetes
Data Streaming
Data base
Serverless
API GW / API
APP Server
Kubernetes
Data Streaming
Traditional
or
Modern
Apps
Public cloud
Private cloud
Partner or Customer Private/ Public cloud
BrowZer for Web Apps
Application embedded ZT
IOT Endpoints
Stage 3
Ziti Fabric
Edge Router
Network Controller
Ziti Tunnel
Fabric Router
Ziti SDK
Mobile Endpoint
B2B users / apps / devices
B2B
On-prem Facilities/-Edge App Stack/
Application access/ Soln management
App Users on Desktop & Mobile
Your private zero trust mesh

7. • Implement Zero Trust Access for apps via ZTAA ( Zero Trust Application Access) using SDKs, connectors etc
• The best form of ZT implementation between apps ( client – app or app - app)
• Implement ZT networks for solutions deployed internally or for your customers– example software automation tools
(such as Jenkins, salt etc), software or hardware products
You would achieve
1. Zero trust network all the way till the apps or the last point of data
2. The most secure ZT that removes the need for installing endpoints and managing them
3. Shift left security in place of bolted on appliance based security
4. A model where security is thought of and implemented during application or solution development
Stage 3