Interview with the Founder: Zero Trust Model founder, John Kindervag

Show Notes

In this episode of Radio Cloud Native, former host John Jainschigg, Director of Open Source Initiatives for Mirantis, returns to provide a great interview with one of the founders of the Zero Trust model for cybersecurity, John Kindervag. He has authored many blog articles and much of the open source documentation of Zero Trust, and is one of the most knowledgeable cybersecurity experts in the cloud space.

In the interview, you will hear directly from John Kindervag about how the Zero Trust model was initially created, how it has evolved over the years, how it can actually be implemented into a realistic, enterprise security framework, and a host of examples of why Zero Trust may be an ideal security posture for your Org. John's responses touch on both the technical development and operations side, serving as a valuable resource for a variety of IT professionals and software hobbyists. 

A full list of what's discussed in the interview:

• Cybersecurity landscape before Zero Trust
• Concept of "trust" in Zero Trust model
• Zero Trust - technical POV
• Zero trust and the Principle of Least Privilege
• Implementing Zero Trust
• Defense in Depth vs Zero Trust
• Zero Trust streamlines cybersecurity
• AWS S3 Gateway vulnerability example
• Application vs Infrastructure security
• Securing Apps under Zero Trust
• Achieving Zero Trust

If you want to listen to more episodes of Radio Cloud Native, please visit https://www.mirantis.com/radiocloudnative/ to download, or find them wherever you prefer to consume your podcasts.

If you are interested in contributing to Radio Cloud Native, please reach out to our podcast team: podcasts@mirantis.com

Chapters

• 0:00: Intro
• 1:31: Q: Before Zero Trust, what were the dominate models for cybersecurity?
• 2:48: Q: Why is the concept of "trust" problematic in cybersecurity?
• 9:11: Q: How does Zero Trust work from a technical perspective?
• 11:49: Q: How does this relate to the principle of least privilege?
• 13:11: Q: How do you implement Zero Trust in the real world?
• 15:55: Q: How is Defense in Depth different from Zero Trust?
• 20:18: Q: How does Zero Trust simplify & enhance the cybersecurity process?
• 22:49: Real World Example: AWS S3 Gateway Attacked
• 25:00: Application vs Infrastructure security under Zero Trust
• 26:18: Q: Who is responsible for securing Apps under Zero Trust?
• 29:29: Zero Trust is achievable
• 31:49: Outro