Online Publication | Zero Trust Architecture

Best design practices in one book.

Akbarth3great (Umair Akbar): Zero Trust Networks: A Practical Approach to Implementation. It doesn’t have to be difficult. In this publication, I explain step by step what a zero trust network even is. We then slowly work our way up to the advanced material: implementation, mitigations, software protocols and edge cases. Every few weeks we will release a new chapter!

Zero Trust Overview

What we cover about zero trust encryption in this research paper

Case Study: Google BeyondCorp

Starting in November 2014, Google published a series of articles in ;login: describing a new and groundbreaking security model it was deploying to its entire corporate network.

Encryption Versus Authentication

Encryption and authenticity often go hand in hand, yet they serve distinctly separate purposes. Encryption ensures confidentiality: the promise that only the intended receiver can read the data you send. Authentication enables a receiver to validate that the message really was sent by the party it claims to come from.
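The distinction above is easiest to see when a confidentiality-only cipher meets a modified ciphertext. The following Python is an added illustration, not code from the book: a toy HMAC-SHA256 keystream stands in for a real stream cipher (an assumption made to keep it standard-library only; a vetted AEAD such as AES-GCM belongs in real systems), and the receiver either decrypts blindly or first verifies an HMAC tag.

```python
import hmac
import hashlib
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only: XOR with the keystream. No integrity check at all."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

decrypt = encrypt  # XOR is its own inverse

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes) -> tuple:
    """Encrypt-then-MAC: the tag binds nonce and ciphertext to mac_key."""
    ct = encrypt(enc_key, nonce, data)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Verify the tag in constant time before decrypting; None if it fails."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt(enc_key, nonce, ct)

def demo() -> dict:
    """Same ciphertext, one byte modified in transit, two kinds of receiver."""
    enc_key = secrets.token_bytes(32)
    mac_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    msg = b"transfer 100 to alice"          # constructed sample message
    ct, tag = seal(enc_key, mac_key, nonce, msg)
    tampered = bytearray(ct)
    tampered[9] ^= ord("1") ^ ord("9")      # one ciphertext byte altered in transit
    tampered = bytes(tampered)
    return {
        # decrypts "successfully" to a different message, with no error raised
        "unauthenticated": decrypt(enc_key, nonce, tampered),
        # tag check fails, so the modified message is rejected
        "authenticated": open_sealed(enc_key, mac_key, nonce, tampered, tag),
        "genuine": open_sealed(enc_key, mac_key, nonce, ct, tag),
    }
```

The unauthenticated receiver gets a well-formed but altered message and has no way to notice; only the receiver that checks the tag can tell the message is not what the sender produced.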

What Makes Good Policy?

The reality today is that zero trust policy is still not standardized in the same way as a network-oriented policy. As a result, defining the standard policy language used in a zero trust network is a great opportunity.

Zero Trust Fundamentals from the Basics to Advanced Implementation

Transitioning to a new network security paradigm doesn’t happen overnight, and it requires coordination and interaction among multiple teams. At large enterprise scale, it’s impossible to delegate the entire transition to a single team. The migration will likely involve some backward-incompatible changes that need sufficient management support.

In our experience, the success of the transition largely depended on how easy it was for teams to set up their service behind the Access Proxy. Making developers’ lives easier should be a primary goal, so keep the number of surprises to a minimum.

{ Umair Akbar }



How do zero trust encryption networks work?

A zero trust network is built upon five fundamental assertions:

• The network is always assumed to be hostile.

• External and internal threats exist on the network at all times.

• Network locality is not sufficient for deciding trust in a network.

• Every device, user, and network flow is authenticated and authorized.

• Policies must be dynamic and calculated from as many sources of data as possible.
Evolution of the Perimeter Model

The traditional architecture described in this book is often referred to as the perimeter model, after the castle-wall approach used in physical security. This approach protects sensitive items by building lines of defense that an intruder must penetrate before gaining access. Unfortunately, this approach is fundamentally flawed in the context of computer networks and no longer suffices. In order to fully understand the failure, it is useful to recall how the current model was arrived at.

More than 400,000,000 MILLION Humans
WERE AFFECTED BY DATA BREACHES, stolen passwords, and identity theft.

It is time to put an end to this.

Umair Akbar's Bio

About the author

Hi. My name is Umair Akbar. I go by Akbarth3great sometimes. Here’s a brief overview of what I do:

  • I architect cloud-based systems for companies that are based on these tenets:
    • Resiliency – If something “goes wrong” in the code, the program is able to self-heal or continue without affecting the entire system itself.
    • Highly available – The system is ideally available at all times; the system converges towards an error-free state and is therefore self-stabilizing.
    • Redundancy – There will always be multiple identical instances of the system, and it will switch to one of the redundant instances in case of failover.
    • I write about highly efficient, redundant systems here and here.

In a time where network surveillance is ubiquitous, we find ourselves having a hard time knowing who to trust. Can we trust that our internet traffic will be safe from eavesdropping? Certainly not! What about that provider you leased your fiber from? Or that contracted technician who was in your datacenter yesterday working on the cabling?

Mary Scott
Managing Partner, Consulting Firm

The assumption that systems and traffic within a datacenter can be trusted is flawed. Modern networks and usage patterns no longer echo those that made perimeter defense make sense many years ago. As a result, moving freely within a “secure” infrastructure is frequently trivial once a single host or link there has been compromised.

Alex Donelson
Principal Engineer

Subscribe to Umair's newsletter for updates

Weekly emails from Umair Akbar (Akbarth3great) himself, containing cloud security tips and security measures.

No spam. We don’t intend to sell your email. Nor will we charge for this book. Knowledge should be free.
