Instant Ebook Access, One Click Away – Begin at ebooknice.

com

(Ebook) Zero-trust – An Introduction by Tom Madsen

ISBN 9788770228534, 8770228531

https://ebooknice.com/product/zero-trust-an-
introduction-54525474

OR CLICK BUTTON

DOWLOAD EBOOK

Get Instant Ebook Downloads – Browse at https://ebooknice.com

 Instant digital products (PDF, ePub, MOBI) ready for you
Download now and discover formats that fit your needs...

Start reading on any device today!

(Ebook) Zero Trust Networks by Razi Rais

https://ebooknice.com/product/zero-trust-networks-55930960

ebooknice.com

(Ebook) Zero Trust Security: An Enterprise Guide by Jason Garbis, Jerry W. Chapman
ISBN 9781484267011, 148426701X

https://ebooknice.com/product/zero-trust-security-an-enterprise-guide-53658766

ebooknice.com

(Ebook) An Introduction to Non-Harmonic Fourier Series, Revised Edition, 93. by

Young, Robert M. ISBN 9780080495743, 0080495745

https://ebooknice.com/product/an-introduction-to-non-harmonic-fourier-series-
revised-edition-93-10433494

ebooknice.com

(Ebook) Zero Trust Networks with VMware NSX by Sreejith Keeriyattil ISBN
9781484254301, 1484254309

https://ebooknice.com/product/zero-trust-networks-with-vmware-nsx-56931484

ebooknice.com
(Ebook) Zero to Production in Rust: An Opinionated Introduction to Backend
Development by Palmieri, Luca

https://ebooknice.com/product/zero-to-production-in-rust-an-opinionated-
introduction-to-backend-development-38546010

ebooknice.com

(Ebook) Digital Photography: An Introduction by Tom Ang ISBN 9781465402158,

1465402152

https://ebooknice.com/product/digital-photography-an-introduction-6826138

ebooknice.com

(Ebook) General Topology: An Introduction by Tom Richmond ISBN 9783110686562,

3110686562

https://ebooknice.com/product/general-topology-an-introduction-12056862

ebooknice.com

(Ebook) Digital Photography: An introduction by Tom Ang ISBN 9781405319812,

140531981X

https://ebooknice.com/product/digital-photography-an-introduction-36878184

ebooknice.com

(Ebook) Archaeology: An Introduction by Hannah Cobb, Kevin Greene, Tom Moore

https://ebooknice.com/product/archaeology-an-introduction-55578264

ebooknice.com
Zero-trust – An Introduction
 Published 2024 by River Publishers
River Publishers
Alsbjergvej 10, 9260 Gistrup, Denmark
www.riverpublishers.com

Distributed exclusively by Routledge

605 Third Avenue, New York, NY 10017, USA
4 Park Square, Milton Park, Abingdon, Oxon OX14 4RN

Zero-trust – An Introduction / by Tom Madsen.

© 2024 River Publishers. All rights reserved. No part of this publication may be
reproduced, stored in a retrieval systems, or transmitted in any form or by any
means, mechanical, photocopying, recording or otherwise, without prior written
permission of the publishers.

Routledge is an imprint of the Taylor & Francis Group, an informa

business

ISBN 978-87-7022-853-4 (paperback)

ISBN 978-10-4000-705-1 (online)

ISBN 978-1-003-46458-7 (ebook master)

A Publication in the River Publishers series

RAPIDS SERIES IN DIGITAL SECURITY AND FORENSICS

While every effort is made to provide dependable information, the

publisher, authors, and editors cannot be held responsible for any errors
or omissions.
 Zero-trust – An Introduction

Tom Madsen
Security Architect KMD

River Publishers
 Contents

About the Author ix

Introduction xi

1 Why Zero-trust 1
1.1 What is Zero Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 The History of Zero Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.3 Why Zero Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.4 Operational Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.5 The Benefits of Zero Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.6 Outro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2 How to Zero Trust 9

2.1 The Politics of Zero Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.2 Where to Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.3 The Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.4 A summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

3 Zero Trust – The Networking Level 21

3.1 Zero-trust Security Frameworks . . . . . . . . . . . . . . . . . . . . . . . . . . 24
3.2 Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
3.3 Segmentation/Micro Segmentation . . . . . . . . . . . . . . . . . . . . . . . . 26
3.4 Software Defined Networking/Software Defined Access . . . . . . . . . . . . . . . 28

v
Contents

3.5 SD-WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
3.6 TACACS+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
3.7 RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
3.8 MFA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3.9 VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
3.10 Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
3.11 Outro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

4 Zero Trust Identity 43

4.1 Identity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
4.2 Azure AD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
4.3 Azure AD Tooling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
4.4 Identity Governance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
4.5 Authentication Strength . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
4.6 Privileged Identity Management . . . . . . . . . . . . . . . . . . . . . . . . . . 55
4.7 IAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
4.8 Outro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

5 Cloud and Zero-trust 61

5.1 Cloud History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
5.2 The Future of Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
5.3 Zero-trust and Cloud Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
5.4 Hybrid Cloud and Zero Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

6 5G and Zero-trust 73
6.1 What is new in 5G? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
6.2 Why 5G Security? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
6.3 5G and Critical Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
6.4 Security of Cisco’s Private 5G Architecture . . . . . . . . . . . . . . . . . . . . . 77
6.5 5G and Zero Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

7 Zero-trust Governance/Compliance 83
7.1 COBIT 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

vi
 Contents

7.2 IEC/ISO 27001 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

7.3 SABSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
7.4 TOGAF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
7.5 NIST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
7.6 IEC 62443 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
7.7 HIPAA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
7.8 CIS 18 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
7.9 Cloud Security Alliance – Cloud Control Matrix . . . . . . . . . . . . . . . . . . . 93
7.10 PCI DSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
7.11 Zero-trust Tooling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
7.12 Zero-trust Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
7.13 The Art of War . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

8 OT Zero-trust Security 99
8.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
8.2 IT/OT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
8.3 OT Security Frameworks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
8.4 OT Zero-Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
8.5 OT Security Training/Certification . . . . . . . . . . . . . . . . . . . . . . . . . 111

9 Next Steps 113

9.1 Cisco . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
9.2 Microsoft/Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
9.3 Governance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
9.4 5G . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
9.5 Operational Technology (OT) . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
9.6 The Future of Zero Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Index 121

vii
 About the Author

Tom Madsen has 20+ years of experience in cybersecurity behind him,

across many different industry segments, like finance, medical, and systems
development in a secure manner. He is the author of many articles for a
local Danish online magazine and is a regular writer for www.cybersecuritry­
magazine.com. He has authored two other books: “The Art of War Fort Cyber
Security”, published by Springer, and “Security Architecture – How and Why”,
published by River Publishers.

ix
 Introduction

The aim of this book is to provide you with an introduction to the Zero Trust
concept and provide you with information that you can use in your cybersecurity
work, daily. Zero Trust as a concept in the cybersecurity industry is a new thing
and it is poorly defined currently.

In this book, I will not try to nail down and define a firm definition of Zero
Trust, as the concept is so new that there are as many opinions on Zero Trust, as
there are people with an opinion on Zero Trust. One thing I am going to define
though, is that Zerto Trust is not a product!!

Contrary to what many cybersecurity vendors are saying, buying a product

does not implement Zero Trust in your infrastructure! A product can, and does
help, implementing Zero Trust in your infrastructure. As I see it and remember
my comment about the number of opinions on Zero Trust from earlier, Zero
Trust is a way of thinking about security architecture. Using Zero Trust in
designing an infrastructure, or a software application, contributes greatly to
overall security of the application and infrastructure, but more on that during
this book.

Below is a list of chapters and short descriptions of the content of the

chapters:
• Chapter 1 – What is Zero Trust
◦ In this chapter I will elaborate on some of the benefits that using zero trust can
bring to your company/organization
• Chapter 2 – How to Zero Trust
◦ This chapter will give you some tools and concepts to use in your zero-trust
journey and cybersecurity career
• Chapter 3 – Zero Trust in the Network
◦ How to design a networking infrastructure to support zero trust and some advice
on tooling to help maintain and develop the zero trust in networking.

xi
Introduction

• Chapter 4 – Zero Trust identity

◦ Identity management and validation is at the core of any zero-trust project. How do
we use the various identities we all have in an infrastructure to zero-trust benefit?
• Chapter 5 – Cloud and Zero-trust
◦ Cloud computing can be a valuable tool for implementing a zero-trust network
architecture, providing flexibility, scalability, and robust security features.
• Chapter 6 – Zero Trust in OT/ICS Environments
◦ OT environments are increasing their integration with IT environments, creating an
ever increasing risk for compromise of the production systems in an organization.
In this chapter I will extend the zero-trust concept into the OT/ICS environment and
how that can benefit the security of the production systems.
• Chapter 6 – Zero-trust in 5G
◦ Private 5G is being implemented in many organizations, making the security of this
implementation of the utmost importance. In this chapter I will outline a zero-trust
strategy for private 5G deployments.
• Chapter 8 – Zero-trust Governance
◦ Without continued monitoring and maintenance, any zero-trust implementation
will surely degrade over time. IN this chapter I will outline some of the monitoring
that is needed to keep a zero-trust environment healthy and functioning as
intended.
• Chapter 9 – Zero Trust, the next steps
◦ Zero Trust is still a concept in flux. In this chapter I will try to give some advice on
how-to maintain and develop an infrastructure with a zero-trust mindset.

xii
 CHAPTER

Why Zero-trust

Until a few years ago, fencing systems with adequate firewalls and user ID
and passwords was considered enough. But those systems were still being
misused and hacked by cybercriminals using stolen credentials like user IDs
and passwords to act on behalf of the exposed user. This enabled the bad actors
to steal or manipulate information or even encrypt whole systems to obtain a
ransom to release the encryption keys used.

Working from home, working from own devices and increased use of cloud
services has added to the fact that the corporate network can no longer
be regarded as the primary security perimeter. The identities that use the
corporate systems are the primary perimeter, which must be secured and
protected.

The answer to these developments has been to introduce zero trust (ZT)
to the security architectures. ZT does not mean that nobody gets access; that
would be harmful to any business. But access must be given after thorough
verification and all communication must be encrypted. In essence, you must
approach security according to the saying “Trust is fine, but control is better”.

1.1 What is Zero Trust

Zero trust is difficult to pin down as a specific concept. There are as many
opinions on what zero trust is as there are people with an opinion on zero trust,
hence this book, which to try and build a collective understanding of zero trust.

1
Why Zero-trust

Zero trust architecture is not an off-the-shelf product. Instead, it is a

selection of tools and systems designed to enable cybersecurity paradigms
that move defenses from static, network-based perimeters to focus on users,
assets, and resources. The purpose of zero trust architecture is to provide
authentication and authorization for a company’s internal systems based on
users and what devices are used.

One benefit is that this enables every employee to work from untrusted
networks without the use of a VPN.

Zero trust has become the new black in the cybersecurity industry and
rightly so, since zero trust, if used correctly, can bring significant security
benefits to any infrastructure, weather it is an IT or an OT infrastructure.
That zero trust is defined differently by different people can be seen from the
definitions below. The first one is from NIST 800-207:

“Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that
move defences from static, network-based perimeters to focus on users, assets, and
resources”

The next one is taken from Wikipedia:

“The zero-trust security model (also, zero trust architecture, zero trust network
architecture, ZTA, ZTNA), sometimes known as perimeter less security, describes an
approach to the design and implementation of IT systems”

Two separate ways of defining zero trust that are, although overlapping in
some ways, still approaching the world of zero trust in diverse ways. No wonder
there are many opinions and definitions of zero trust.

1.2 The History of Zero Trust

Zero trust was coined as a term back in 1994 in a Ph.D. dissertation by Stephen
Marsh, on an idea that “trust” can be defined mathematically. In 2003 an
international group called the Jericho Forum began to study the problem, and
they defined it as “de-perimiterisation” and began eliminating the idea that the
internal network was a safe and protected place. Something that should have
happened when the first VPN connections from outside of the network were
implemented.

It took some time for the real world to catch up with the theory, but in
2009 Google created the BeyondCorp security model, which is now considered
an early approach to zero trust. NIST was the first of the governmental
organizations that created standards around the concept of zero trust. In 2018
they created SP 800-207 Zero Trust Architecture, updated in 2020.

2
 Why Zero-trust

NIST has decided to use zero trust as a way of looking at security

architecture, something we are in full in agreement with. Zero trust should
be seen as the overarching concept covering all the individual areas in an
architecture, as in Figure 1.1.

Figure 1.1: Zero-trust should be seen as a full stack architecture framework covering the full
spectrum of IT and applications.

When we see zero trust as a way of designing/architecting our IT systems,

zero trust becomes a concept that requires a quite broad set of skills to
implement and maintain. Look at Figure 1.1 to see just a subset of the
technologies we can apply zero trust to.

1.3 Why Zero Trust

With the number of breaches and the significant threat of malicious attacks
on our systems, we need to approach our security measures in a way that can
protect our organizations, and zero trust as a way of thinking while designing
and implementing these measures will bring significant benefits to this effort.

Why has zero trust become the new black now, if the concept was coined
back in 1994? Part of that answer is undoubtedly the recent pandemic we all

3
Why Zero-trust

suffered through, which disrupted the entire cybersecurity landscape. Many

people were sent home to work, exacerbating the already increased use of
devices and networks outside of the control systems of the enterprises. The
enterprises could no longer verify that the device in use was fully updated and
that the best practices defined by the organization were being followed.

The increased risks to the enterprises this brought forward, along with the
needs of the end users to access everything from everywhere in the cloud and
on-premises, quickly showed zero trust as a way of mitigating the risks of using
unknown devices to access everything from everywhere.

So, the pandemic contributed to the sudden success of zero trust, but it is
not the only factor. The massive increase in cyber-attacks has also increased
the political focus on the consequences to civilian life, especially the privacy
of citizens. This has meant a massive increase in the amount of regulation
that organizations must show compliance with. In the EU we have the GDPR,
which touches on any organization that does business within the EU. Similar
legislation is being created, or has already been created, in other parts of
the world. Organizations in medical or life sciences areas have the US HIPAA
legislation to comply with. Organizations dealing with credit card data must
comply with PCIDSS.

When we add all these together, we end up with a complex set of threats and
risks that an organization must consider when managing their IT infrastructure.
This makes zero trust a way of increasing the overall security of these systems;
this is what has brought zero trust forward as the new black.

1.4 Operational Technology

Operational technology, or OT, is a new challenge that cybersecurity

professionals must consider as part of their responsibilities. OT is the
technology that runs in powerplants, controls train signals, production systems
at manufacturing plants, water, electricity and many more systems. More
systems than we are aware of are depending on OT technologies.

In recent years these OT systems have become integrated with the IT

systems we are all familiar with. This integration means that the OT systems are
now accessible from outside of the organization running the OT infrastructure,
creating a risk to the OT infrastructure from hackers, and, make no mistake here,
OT systems are juicy targets for hackers, especially those working for nation
states. Ukraine has been suffering attacks against their OT infrastructure from
Russia repeatedly over the past 5 years, to a degree where they lost access to
power for several hundred thousand people for 12 hours during winter.

4
 Why Zero-trust

OT systems are not just a target for nation states. The Colonial Oil Pipeline
was attacked by ransomware in May 2021, shutting down the transportation of
oil from the Gulf of Mexico to the eastern states of USA. This resulted in a
fuel shortage for the airlines for instance, as well as panic buying by citizens
in several states from fear of running out. This just shows that attacks against
OT infrastructures can have an immediate impact on society, depending on the
criticality of the OT infrastructure.

I have an entire chapter on zero-trust for OT technologies and infrastructure

later in the book, where I will give you an introduction to OT terminology before
going into zero-trust benefits and steps for OT technology and infrastructure.

1.5 The Benefits of Zero Trust

The complexities laid out above all contribute to the rapidly increasing
complexity in our infrastructures. Going the zero-trust way does not invalidate
all the existing security measures we have implemented in our infrastructures,
but if we approach zero-trust in a well-considered way, we can utilize the existing
security tooling to implement zero trust.

Some of the core benefits can be seen in Figure 1.2.

Figure 1.2: The benefits that zero-trust will bring covers many areas where cybersecurity must
be seen as important.

5
Why Zero-trust

By going the zero-trust way in our infrastructure decisions, we gain all the
benefits from Figure 1.2, and at the same time we will gain increased insights
into our infrastructures. How? By continually verifying the accesses by our users
and applications, we will also continually log these accesses and thereby gain a
much deeper insight into the AAA usage in the infrastructure.

The logging and monitoring of a zero-trust architecture is of the utmost

importance! If we do not continually verify that our zero-trust architecture
is running as expected, we cannot be sure that we are running zero-trust as
originally designed and implemented. Zero trust might seem like overkill in
many situations, and the benefits difficult to identify for many organizations.
This is completely understandable, since zero-trust is an all-compassing concept,
touching on all areas of IT.

Advice on how to approach a zero-trust project will be detailed in the next

chapter, but before we leave behind this introductory chapter, I would like to
touch upon how such a project might be received by the end users. Zero trust is
an aggressive way to name a project. I have a client that has run into pushbacks
from the end users. Someone who has been working for an organization for
years, who is suddenly seen as a zero-trust entity, will understandably ask why
that is the case. I have seen zero-trust projects called maximize trust instead,
but we should still expect the users to ask questions, since they will see these
projects as questioning their integrity.

Getting the end users aboard zero-trust projects will require a great deal
of communication to make them understand the benefits, not just for the
organization, but for them as well. For instance, the possibilities for them being
hacked decreases with a zero-trust architecture.

1.6 Outro

Lastly, the technologies we are using for the examples in this book are from
Microsoft and Cisco. This does not constitute a recommendation, or an attempt
to convey that these vendors are the only ones that do zero trust. These are the
technologies that we are familiar with and are using in our daily work. If you
are using networking technology from the likes of HPE, Juniper or Palo Alto
Networks, the same recommendations and design advice apply to these vendors,
and these vendors can deliver the same level of zero trust in their technologies
as Cisco.

6
 Why Zero-trust

If your main software vendor is not Microsoft, but Oracle or SAP, your
main cloud provider Oracle or Salesforce, then yes, they can deliver the same
level of assurance for zero trust as Microsoft can. The steps will be different
of course, but there will be no difference in the level of zero trust, if done
right.

7
 CHAPTER

How to Zero Trust

In this chapter, I will give you some pointers on how to begin a zero-trust project,
but first let’s begin with a figure that shows the size and complexity of any
zero-trust project. Look at Figure 2.1.

Figure 2.1: Zero-trust requires that the user in the upper left corner gets validated through the
entire flow, before getting access to the application in the lower right.

We have a user in the top left, trying to access a resource on the lower right.
The flow demonstrates the possible checks a user must go through to access
the resource. Fortunately, many of these checks and systems are automated in

9
How to Zero Trust

nature, with no direct effect on the user experience, but it does demonstrate
the complexity of a zero-trust project.

A zero-trust project is an all or nothing effort. We cannot implement zero

trust for a subset of the infrastructure or systems, making zero trust a huge,
and often long term, effort in most organizations, but the overall benefits to the
cybersecurity of the organization should not be underestimated when deciding
on starting a zero-trust journey.

2.1 The Politics of Zero Trust

Before beginning a zero-trust project, there are some political issues to consider.
For instance, when you announce a zero-trust project, there will be some
users that push back against it, not necessarily because they are opposed to
the effort, but because they see the project as a signal, they are untrusted.
It might sound like this: I have been here for 10 years, why am I suddenly
untrusted? A fair response all thing considered; I am bringing this up to make
you aware that zero-trust can be seen as aggressive by the user community in an
organization.

You might ask, is that really a thing, push back from the users because of
the name? Yes, I have clients that have experienced this exact response! So,
bringing the users on board with a zero-trust project is important from the very
beginning, as well as communication that they are still trusted, even when we
are implementing a zero-trust architecture in the infrastructure.

This probable push back is also a reason for anchoring the zero-trust
project at the most senior level of the leadership in the organization. IT
cannot implement a zero-trust project without the support of the senior
leadership.

While zero trust originated in the field of cybersecurity, it has also gained
attention in the realm of politics and governance, particularly in discussions
surrounding national security, privacy, and data protection.

2.2 Where to Begin

Before beginning a zero-trust journey we must assess where the organization is,
maturity wise, regarding the overall cybersecurity. First, let us look at the three
pillars of zero-trust in Figure 2.2.

10
 How to Zero Trust

Figure 2.2: Most of the advice in this figure has been important for years, but with zero-trust it
gets incorporated into a framework.

Identities are the center of the basic pillars. These are not limited to persons
(employees, contractors, customers, etc.) but also technical identities like IOT
devices, robots, and applications.

Basically, there are as many implementations of zero-trust architectures as

there are vendors who offer solutions to implement zero trust. However, zero-
trust architectures do have some common features and core components of
which the most central are shown in Figure 2.3.

Figure 2.3: NIST provides good advice in their 800-207 document, the three points above are
especially important to a good zero-trust implementation.

11
How to Zero Trust

These definitions are from the NIST 800-207 standard, issued by the
National Institute of Standard and Technology under the US Department of
Commerce in 2020 as a reference architecture for zero-trust architectures.

There are examples of each of the above terms and technologies in

the chapters on zero trust in the network and identities, as used for zero-
trust purposes. In many cases companies and organizations will already have
systems in place that can be used as PE, PA and PEP in a zero-trust project,
making a zero-trust project a matter of allocating resources for the design and
implementation of zero trust in the infrastructure and not necessarily a matter
of investing in new hardware and software for the project. But make no mistake
here, the cost of a zero-trust project does not come from any investments in
hardware and software, it comes from the amount of time and resources needed
to assess and implement zero trust in an existing infrastructure.

The focus of a zero-trust architecture is on authentication, authorization

and minimizing implicit trust zones while minimizing delays caused by
authentication. In the abstract model below, which is borrowed from the NIST
800-207 standard, a user needs access to an enterprise resource. Access is
granted through the policy decision point (PDP) and the corresponding policy
enforcement point (PEP). The PDP must ensure that the subject is authentic
and is authorized to carry out the request. The implicit trust zone represents an
area where all the entities are trusted at least to the level of the last PDP/PEP
gateway.

The NIST 800-207 standard describes three variations in how zero trust can
be implemented. The variations, which supplement one another, are zero-trust
architecture using:
• Enhanced identity governance
• Micro-segmentation
• Network infrastructure and software defined perimeters.
Beginning a zero-trust project can seem overwhelming, but it is important to
start with a clear plan and a well-defined scope. Here are some steps to consider
when beginning a zero-trust project:
1. Define your project scope: Clearly define the scope of your project, including what resources
and services will be included and what level of security you are aiming for.
2. Identify critical assets: Identify the most critical assets that need to be protected, such as sensitive
data or key infrastructure components. This will help you prioritize your security efforts and
allocate resources effectively.
3. Assess your current security posture: Conduct a thorough assessment of your current security
posture to identify potential vulnerabilities and areas for improvement.

12
 How to Zero Trust

4. Develop a zero-trust architecture: Develop a zero-trust architecture that is tailored to your

specific needs and aligns with your project scope. This should include a detailed plan for access
control, network segmentation, and data protection.
5. Implement security controls: Implement the necessary security controls to support your zero-
trust architecture. This may include multi-factor authentication, encryption, and access controls.
6. Monitor and adjust: Continuously monitor and adjust your security controls as needed to ensure
that they are effective and that your zero-trust architecture remains up to date.
7. Train your staff: Train your staff on the principles of zero-trust security and how to implement
best practices to maintain a secure environment.
Remember that zero-trust security is an ongoing process, not a one-time project.
It requires constant monitoring, adjustment, and refinement to ensure that your
organization is protected against emerging threats.

2.2.1 Assessment

Before beginning a zero-trust project, you should perform an inventory and risk
assessment. The assessment is independent of what tool is used and must always
be carried out as part of a successful IAM implementation.

All identities must be assessed. Employees are obvious, but how about
contractors, robots, and technical accounts? How do you register employees and
contractors? In many cases this data is derived from the HR system, but the
data quality needs to be assessed. There are examples of IAM projects that
have exceeded the expected timeframe by 50% due to bad data quality from
the HR system and as such an IAM/IGA program may in some cases require an
HR cleanup.

For each application in use in your organization it is important to assess the

data shown in Figure 2.4.

Surprises frequently surface during the assessment of applications. With

easily accessible software- as-a-service (SaaS) solutions, business units often
run part of the business in an autonomous manner, without official knowledge
or approval from IT. Known as “shadow IT”, these applications often contain
critical company data, and the access to these or the business data within is
seldomly managed according to the organization’s standards.

Make no mistake here, doing a full assessment of the IT infrastructure is by

no means an easy job. It requires good documentation, a rare occurrence, and
an open dialogue with the various business departments to identify all SaaS
solutions they might have procured outside of the knowledge of IT.

13
How to Zero Trust

Figure 2.4: Assessing the data used and created in an organization is critical to a successful
implementation of zero-trust.

Where do we start such an assessment? Fortunately, there are many

frameworks that can be used as a basis for an assessment. Some of them are:
• CIS 18
• ISO 2700x
• COBIT
• NIST.
All of them list controls that can be used as the basis for a questionnaire for
an overall IT infrastructure assessment. In the case of CIS 18, you can even
download an Excel sheet with the individual controls and a list of sub-areas of
the main 18 control areas for free. ISO 2700x and COBIT will cost you some
money, but they are both well worth the cost, not just for a zero-trust project.

2.2.2 Classify

Classifying what you have is important, both systems and data. This way, you will
know where to focus and what to protect the most. There are usually standard
sets of classification parameters that can be used, but your organization may
also choose its own set of classifications. Every classification must have a risk
weight assigned to it. When applications and access rights have been classified
with risk weights, you are able to conduct risk-based reviews on identities,
systems and applications with high-risk profiles because they have access to
high-risk systems. There are some crucial questions that should be answered
for the application and access rights. These are given in Figure 2.5.

14
 How to Zero Trust

Figure 2.5: Like assessing the data from earlier in the chapter, assessing the access rights of
the users and the level of their rights is critical to zero-trust.

2.2.3 Access rights

A frequent problem is that users have too many access rights, which leads to the
risk that a compromised user will allow for an intruder to gain access to major
parts of the organization’s data and applications.

Zero trust access rights refer to the principle of granting access privileges
based on the specific needs and context of individual users, devices and
applications, rather than relying on broad trust assumptions. In a zero-
trust model, access rights are carefully managed and continuously evaluated,
regardless of whether the user is inside or outside the network perimeter.

Here are some key aspects of zero-trust access rights:

• Least privilege: Users and entities are granted the minimum level of access necessary to perform
their intended tasks. This principle ensures that each user only has access to the resources and
data required for their specific role, minimizing the potential impact of a compromised account.
• Continuous authentication: Instead of relying solely on a one-time authentication event, zero
trust emphasizes continuous authentication and authorization. This means that users’ identities
and access rights are re-evaluated and verified at each access attempt, considering factors such
as user behavior, device health, and network conditions.

15
How to Zero Trust

• Granular access controls: Zero trust promotes fine-grained access controls, enabling
organizations to define specific permissions and restrictions for different resources,
applications, and data. Access can be based on factors such as user roles, location, time of
access, device type, and security posture.
• Multi-factor authentication (MFA): Implementing MFA is a critical component of zero-trust
access. By requiring users to provide multiple forms of authentication (such as passwords,
biometrics, or tokens), the risk of unauthorized access through stolen or compromised
credentials is reduced.
In a zero-trust architecture, dynamic access controls are invoked on the fly
based on criteria, which are current at the time of authentication:

Rule-based access control. The various vendors have different implementations

of the policy engine, which enforces rule-based access control, and may even be
carried out by the application itself. As an example of the latter, Salesforce
enables users logging on to Salesforce.com to restrict their access to certain
IP-addresses or during specified hours during the day.

Attribute-based access control. Attribute-based access control is dynamically

adapting the access based on certain attributes associated with the identity.
The attributes can be of any type, such as location, time, activity and user
credentials. An example could be that a manager is allowed to approve
expenses, just not their own. An attribute-based access control can also be that
you cannot access the application from outside the office location unless you
use a company PC or, every 30 days, you must use a two-factor login method to
get access to the application. Static access is defined as the accesses that are
given due to your job role. Often different access rights are combined according
to specific job roles, i.e., “I work in the sales department and thus have access
to the CRM application”.

Role-based access control. Role-based access control (RBAC) describes the

various job roles that require access to information systems and describe the
accesses rights that are necessary to perform these job roles. Then finally,
grant access based on job roles instead of individual access rights in various
applications. The composition of roles should be verified periodically. In all
organizations the application landscape is usually under development and
changes should be reflected in the roles. You may also be asked to document
the composition of job roles during internal or external audits. Any professional
IAM tool in the market will include functionality to define rules for separation
of duties (SoD).

Separation of duties. In SoD you define so-called “toxic combinations” of access

rights. A toxic combination of access rights could be “approving timecards”
and “having custody of pay checks”. In essence, the concept behind SoD is to
have more than one person required to complete certain critical tasks. It is an

16
 How to Zero Trust

administrative control used by organizations to prevent fraud, sabotage, theft,

misuse of information, and other security compromises.

2.2.4 Challenges

At the beginning of this chapter, I said that a zero-trust project was an all or
nothing project., That is still the case but there are challenges, especially in
large organizations with large and often legacy infrastructures.
• Legacy infrastructure: Many organizations have existing network architectures and legacy
systems that may not easily align with the principles of zero trust. Retrofitting these systems
or transitioning to new infrastructure can be complex and require careful planning.
• Complexity and scalability: Zero-trust implementations can be complex due to the need for
granular access controls, continuous authentication, and network segmentation. Managing and
scaling these systems across a large organization can be challenging and require significant
effort and resources.
• User experience: Introducing strict authentication and authorization processes can potentially
impact the user experience. Balancing security with convenience is crucial to ensure that
employees and users do not face excessive friction when accessing resources.
• Visibility and monitoring: Zero-trust architectures require robust monitoring and visibility tools
to track user activity, identify potential threats, and respond to incidents effectively. Organizations
need to invest in appropriate monitoring solutions and processes to gain real-time insights into
network traffic and access patterns.
• Change management: Implementing zero trust often involves a significant shift in mindset
and cultural change within an organization. Users, administrators, and stakeholders need to
understand the new security paradigm and the reasons behind it. Adequate training and change
management efforts are essential to foster acceptance and cooperation.
• Third-Party Integration: Organizations often rely on external vendors, partners, and cloud
service providers. Integrating these entities into a zero-trust framework can be challenging, as
their security practices and capabilities may vary. Ensuring consistent security standards and
collaboration with third parties is crucial.
• Cost: Implementing a zero-trust architecture may require investments in new technologies,
infrastructure upgrades, and security solutions. Organizations must carefully assess the costs
involved and balance them against the potential benefits and risks.
We all know that we should keep our software and hardware up to date with
patches and hardware platforms, but the reality is that this is often not possible
in complex infrastructures, where legacy hardware is incapable of strong
encryption for instance. This is the unfortunate reality in many organizations,
both because of compliance issues, like in the life science sector, or public
transport sectors.

17
How to Zero Trust

For public transport using trains, in Denmark at least, there are laws
governing the installation and use of new hardware in the trains. Because trains
are used for decades, this means that some of the trains in Denmark are still
using WEP for the wireless security, something we left behind as insecure in
the late 1990s.

Banks still have legacy code running on mainframes developed in COBOL

or PL/1 that cannot be easily updated, since COBOL and PL/1 programmers
are largely retired by now. Some organizations still have business critical
applications running developed in Visual Basic 5/6 in some cases. How ever
much we would like this reality to be different, we must take it into account
in a zero-trust project. We might not be able to spread zero-trust into legacy
systems, but we can, as part of the process, mitigate the risks presented by
legacy hardware and software.

2.3 The Benefits

Having the infrastructure hardened and designed as a foundation for a zero-

trust journey, will serve as a source of the overall security of the organization,
not just the zero-trust projects. If you have reasonably new hardware/software in
your infrastructure, you can use the existing functionality in the infrastructure
to build the foundation for zero-trust. A zero-trust project does not necessarily
mean a big investment in new hardware and software.

Doing an assessment on the existing infrastructure before investing in new

HW/SW for a zero-trust project will undoubtedly result in better utilization of
the existing HW/SW and money being saved. The traditional steps for securing
the network, segmentation, and authentication are still applicable in a zero-
trust networking architecture.

What I am trying to convey here is that a zero-trust project does not mean a
big capital investment from the get-go! Any reasonably up to date infrastructure
can be used as a basis for a zero-trust implementation. Some of the core benefits
of a zero-trust project at the networking infrastructure level are:
1. Improved security: A zero-trust hardened infrastructure provides a more robust and secure
environment by reducing the attack surface and implementing strong access controls and
authentication protocols.
2. Protection against advanced threats: By assuming that all traffic is potentially malicious, a zero-
trust infrastructure can protect against advanced threats such as malware, ransomware, and
zero-day attacks.

18
 How to Zero Trust

3. Greater visibility: A zero-trust infrastructure provides greater visibility into network activity,
enabling administrators to quickly identify and respond to security incidents.
4. Better compliance: A zero-trust infrastructure can help organizations meet regulatory compliance
requirements by implementing strong access controls and data protection measures.
5. Simplified management: A zero-trust infrastructure can simplify network management by
implementing a unified policy across all resources and services, reducing the complexity of
security management.
6. Reduced risk of insider threats: Zero-trust security reduces the risk of insider threats by limiting
access to sensitive resources and requiring additional verification for privileged users.
7. Improved user experience: By implementing strong authentication and access controls, a zero-
trust infrastructure can improve the user experience by reducing the risk of unauthorized access
and data breaches.
What we are trying to achieve is the upper right corner of Figure 2.6, no easy
task but well worth the effort!

Figure 2.6: The sweet spot for any security implementation is in the upper right corner, just keep
in mind that data and applications can be critical enough that we might have to limit usability!

Zero
Trust
S
E
C
U
R
I
T
Y

EASE OF USE

2.4 A summary

A quick summary of the steps involved in implementing zero trust is:

1. Identify and categorize assets: Identify the critical assets, resources, and data that need
protection. Categorize them based on their sensitivity and importance.

19
How to Zero Trust

2. Define access policies: Determine access policies based on the principle of least privilege.
Define who should have access to specific resources, applications, and data, and under what
conditions.
3. Implement strong authentication: Deploy multi-factor authentication (MFA) mechanisms to
strengthen user authentication. Require users to provide multiple forms of verification, such
as passwords, biometrics, or tokens.
4. Enable continuous monitoring: Implement real-time monitoring and logging to track user
activity, network traffic, and access attempts. Use this data to detect anomalies, identify potential
threats, and respond promptly.
5. Segment the network: Implement network segmentation to create isolated zones or
compartments. Separate critical assets, applications, and data into different segments to restrict
lateral movement and limit the potential impact of a breach.
1. Embrace micro-segmentation: Apply micro-segmentation techniques to further segment the
network into smaller, granular segments. This allows for even more precise access controls
and containment of potential threats.
2. Adopt a zero-trust architecture: Transition from a perimeter-based security model to a zero-
trust architecture. This involves removing the implicit trust assumptions and implementing
continuous authentication and authorization mechanisms for every access request, both within
and outside the network perimeter.
3. Implement least privilege access: Grant access rights based on the principle of least privilege.
Users should only have access to the resources they need to perform their specific roles and
tasks.
4. Monitor and analyze behavior: Utilize behavior analytics and anomaly detection to identify
unusual user behavior or suspicious activities. Continuously monitor and analyze user behavior
to detect potential insider threats or compromised accounts.
5. Educate and train employees: Provide comprehensive training and awareness programs to
educate employees about the zero-trust model, the importance of security, and their roles and
responsibilities in maintaining a secure environment.
6. Regularly assess and update security controls: Continuously evaluate and update security
controls, access policies, and technologies to adapt to evolving threats and vulnerabilities.
Remember that implementing zero trust is a journey rather than a one-time
task. It requires ongoing commitment, collaboration, and adaptation to ensure
the security of your organization’s assets and data.

Lastly, none of the above steps can stand alone in a zero-trust project,
but they are all integral to the success of the overall implementation and
maintenance of a zero-trust project!

20
 CHAPTER

Zero Trust – The Networking Level

This chapter we will focus strictly on the networking level. By that I mean
subjects like networking design, network access, micro segmentation, MFA and
more. The network is a vital component in any IT infrastructure. Even if your
company is in the cloud, the network is the component that makes it possible
for you to use the cloud. Unfortunately, many organizations are not using the
security options present in a well-maintained network.

In this chapter we will, again, use the figure from the beginning of Chapter 2
(Figure 3.1):

Figure 3.1: This figure is just as relevant for zero-trust at the networking level as it is for the
other layers in a zero-trust implementation.

21
Zero Trust – The Networking Level

You might think that the figure might suit a more overall approach to zero-
trust, and not a networking focused one, but you would be wrong. Remember,
the network is the foundation of all of the zero-trust architecture that is needed
for a zero-trust implementation. Remember, the user in the upper left corner
needs to use the network to access the application in the lower right.

The traditional approach to security was based on the concept of “trust but
verify.” The weakness of this approach is that once someone was authenticated,
they were considered trusted and could move laterally to access sensitive data
and systems that should have been off-limits.

Zero trust principles change this to “never trust, always verify.” A zero-
trust architecture doesn’t aim to make a system trusted or secure, but rather
to eliminate the concept of trust altogether. Zero trust security models assume
that an attacker is always present in the environment. Trust is never granted
unconditionally or permanently but must be continually evaluated.

The development of the zero trust approach is in response to the traditional

methods of how enterprise assets, resources and data were accessed over the
years. In the early days of computing, companies were able to protect their
data by using firewalls and other security technologies that set up a “secure
perimeter” around the data. Much like a castle wall in medieval times, these
technologies helped protect what was inside, mostly.

But the perimeter changed, rapidly with the onset of Covid 19, as
employees, contractors, and business partners began working remotely –
accessing resources via cloud-based networks or with personally owned devices
that couldn’t always be verified as completely secured. In addition, the
deployment of Internet of Things (IoT) devices (to be touched upon more deeply
in Chapter 5), which often had automatic access to network resources, increased.

To allow employees, partners and contractors access to network resources,

a zero-trust architecture requires a combination of technologies, including
identity management, asset management, application authentication, access
control, network segmentation, and threat intelligence.

The balancing act of zero trust is to enhance security without sacrificing

the user experience, that magical upper right quadrant from Figure 2.6. Once
authenticated and authorized, a user is given access, but only to the resources
they need in order to perform their job. If a device or resource is compromised,
zero trust ensures that the damage can be contained.

The good news for many companies is that they likely already possess
most of the zero-trust enabling technologies. In adopting a zero-trust approach,

22
 Zero Trust – The Networking Level

companies will more likely need to adopt and enforce new policies, rather than
install new hardware.

As mentioned, the network is the foundation for all the infrastructure a

modern business needs in its operation (Figure 3.2). This makes the network
a vital component in a zero-trust journey since the rest of the infrastructure
rests on the security the network provides.

Figure 3.2: The network is the foundation for implementing zero-trust up through the stack.

Zero trust is a strategic approach to security that centres on the concept of

eliminating trust from an organization’s network architecture. Trust is neither
binary nor permanent. It can no longer be assumed that internal entities are
trustworthy, that they can be directly managed to reduce security risks, or that
checking them once is enough. The zero-trust model of security prompts you to
question your assumptions of trust at every access attempt.

23
Zero Trust – The Networking Level

3.1 Zero-trust Security Frameworks

Figure 3.3: There are various ways of looking at zero-trust. This figure is relating Cisco, CISA
and NIST. One is not better than the other, use the one that first your needs!

This chapter is partly focused on the Cisco Zero Trust Framework with the
User and Device Security, Application and Data Security, and Network and
Cloud Security pillars (Figure 3.3).

3.2 Approach

Before you start deploying a zero-trust architecture, there are several basic rules
that must be followed across the company for the system to work.
• All data sources, computing services, and devices are considered resources. Even employee-
owned devices must be considered a resource if they can access enterprise-owned resources.
• All communication should be secured, regardless of the network location.
• Access to resources is granted on a per-session basis, and with the least privileges needed to
complete a task.
• Access to resources is determined through a dynamic policy that includes the state of a client’s
identity and application.
• An enterprise must monitor and measure the integrity and security posture of all owned and
associated assets.
• Authentication and authorization are strictly enforced before access is allowed and can be subject
to change.
• An organization needs to collect as much information as possible about the current state of their
assets, network infrastructure, communications, end users and devices in order to improve their
security posture.

24
 Zero Trust – The Networking Level

Once a resource has been identified as protected, a company needs to set up

“checkpoints” that are responsible for the decision to allow or deny access.
There are three main components, based on terms coined by NIST in its Zero
Trust Architecture document, 800-207 from August 2020.
• Policy engine (PE): A policy engine (PE) is responsible for making the decision to grant or
deny access to a resource (see Section 3.4.3.1).
• Policy administrator (PA): The PA is responsible for establishing or shutting down the
communication path between a requestor (either a person or machine) and the resource (data,
service, application).
• Policy enforcement point (PEP): The PEP enables, monitors, and eventually terminates
connections between a requestor and the resource.
Additional systems can contribute input and/or policy rules, including CDM
systems, or the Cisco DNA Center mentioned in Section 3.4.3.2, industry
compliance systems (making sure that these systems remain compliant with
regulatory agencies), threat intelligence services (giving information about
newly identified malware, software flaws, or other reported attacks), network
and system activity logs, and identity management systems.

Many of these systems feed data into a trust algorithm that helps make
the ultimate decision for the request to access network resources. The trust
algorithm considers data from the requestor as well as several other metrics
as part of its decision. Examples of questions include, but are not limited to:
• Who is this person? Is it a real person, a service account or a machine?
• Have they requested this before?
• What device are they using?
• Is the OS version updated and patched?
In Figure 3.4 I have designed a common situation for many companies,
especially those of an international nature. There is headquarters, possibly
more than one, with many sub-offices scattered around the country or world. In
cases where the company has been buying other companies, the infrastructure
will be a complex set of infrastructures from different vendors and different
design philosophies, making the overall infrastructure situation complex and
difficult to manage.

The situation described above might seem like an unreasonable situation,

but it is the reality for many companies around the world. Of course, there are
situations where a zero-trust project will have an easier go at it, but you should
expect those to be few and far between. So, how do we begin a zero-trust project
in such a situation?

Every company is different, so the way they approach zero trust will vary.
Here are a few common scenarios:

25
Zero Trust – The Networking Level

Figure 3.4: Keep in mind that many organizations are distributed across a country and even the
world. Zero-trust in such a situation is a major effort.

• An enterprise with satellite offices (like above): Companies that have employees working
at remote locations, or remote workers, would likely need to have a PE/PA hosted as a cloud
service.
• Multi cloud, or cloud 2 cloud enterprises: Companies that use multiple cloud providers
(an ever-increasing number of enterprises!) might see a situation where an application is hosted
on a cloud service that is separate from the data source.
• Enterprises with non-employee or contractor access: For on-site visitors or contracted
service providers that need limited access, a zero-trust architecture would also likely deploy the
PE and PA as a hosted cloud service, or on the LAN, in non-cloud cases.

3.3 Segmentation/Micro Segmentation

Segmentation has been a mantra for security at the networking level for
many years now and the importance of segmentation has only increased with
criticality of IT to the businesses and organizations. The original goal of
segmentation was to limit the occurrences of broadcast storms, but it has
migrated away from the core purpose to be aimed at controlling the kinds

26
 Zero Trust – The Networking Level

of traffic allowed between departments. Does HR need to access finance

resources, for instance, or does the receptionist need access to RnD resources?
Those are the kinds of use cases I see among my clients on a nearly daily basis.

The next use case for segmentation is controlling the kinds of traffic allowed
on each of the network segments. See Figure 3.5.

Figure 3.5: Segmentation is a core part of zero-trust at the networking level of an infrastructure.

In this figure the various workloads are divided into clusters, in a real
organization, there will be many more clusters than you see here, this is just
to provide a foundation. By creating the VLAN segmentation like in Figure 3.5,
we can control traffic between the clusters, and control what kind of traffic is
allowed on the VLAN’s in each cluster.

The ERP cluster will undoubtedly need to communicate with the database
cluster, but should the traffic coming from the ERP cluster be allowed non

27
Zero Trust – The Networking Level

database traffic? Maybe, but by segmenting the server workloads into discrete
clusters, we can control, and monitor, the traffic, and protocols that we allow
between the clusters. This provides us with an enormous amount of insight into
our traffic patterns, while at the same time we are limiting the attack surface
that a malicious attacker can utilize to compromise the business or organization.

3.4 Software Defined Networking/Software Defined Access

Software defined networking and software defined access are concepts that
are still new to networking technologies and infrastructures, so let’s begin this
section by defining SDN and SDA, and their relations to zero-trust, before
moving on.

3.4.1 SDN

Software-defined networking (SDN) is a network architecture that separates the

control plane and data plane of a network, enabling centralized management
and programmability of network resources. SDN can be used to implement a
zero-trust network architecture by providing greater control and visibility into
network traffic and enabling more granular access controls.

One of the key benefits of SDN in the context of zero-trust networking is

that it enables administrators to implement dynamic access controls that can
adapt to changing threat conditions. By dynamically controlling access based on
real-time network traffic analysis and user behavior, SDN can provide a more
fine-grained approach to access control that is better suited to the zero-trust
model.

Additional benefits are:

• Centralized control: SDN enables centralized management and control of network resources,
allowing administrators to have a holistic view and make configuration changes from a
centralized controller. This simplifies network management and improves efficiency.
• Agility and flexibility: SDN allows for dynamic network configuration and rapid provisioning of
network services. It enables organizations to quickly adapt to changing business needs, scale
their network infrastructure, and deploy new services or applications faster.
• Network automation: SDN enables network automation through programmable interfaces and
APIs. This simplifies the deployment and management of network services, reduces human
errors, and improves operational efficiency.

28
 Zero Trust – The Networking Level

• Cost efficiency: SDN can help reduce costs by optimizing network resource utilization, enabling
better traffic engineering, and supporting the use of commodity hardware. It allows organizations
to leverage cost-effective solutions and avoid vendor lock-in.
• Enhanced network visibility: SDN provides granular visibility into network traffic and allows for
real-time monitoring and analysis. This visibility enables better troubleshooting, performance
optimization, and security threat detection.
SDN can also facilitate micro-segmentation of the network, which is a key
component of zero-trust architecture. By dividing the network into smaller
segments, administrators can apply more granular access controls and reduce
the attack surface of the network.

Another benefit of SDN in the context of zero-trust networking is that

it enables administrators to deploy security policies across the network
more easily and efficiently. By centralizing network management and
programmability, administrators can more easily implement security policies
that apply to all network resources and services.

Overall, SDN can be a valuable tool for implementing zero-trust networking,

providing greater control, visibility, and security for network resources and
services. By leveraging the programmability and centralized management
capabilities of SDN, administrators can more easily implement a zero-trust
architecture and protect against advanced threats.

Software defined networking (SDN) and zero-trust are two separate but
related concepts in the field of computer networking and security.

SDN refers to an approach to networking that separates the control plane

(which determines how data packets are forwarded) from the data plane
(which forwards the packets). This allows for more flexible and programmable
networks, since the control plane can be managed using software-defined
controllers rather than hard-coded into individual network devices.

Zero-trust, on the other hand, is a security model that assumes that all
network traffic (including traffic within a private network) is potentially
malicious and should be treated with suspicion. Under a zero-trust model, access
to network resources is granted on a need-to-know basis and is constantly re­
evaluated based on contextual factors such as user identity, device security
posture, and network location.

The two concepts are related because SDN can be used to implement a zero-
trust security model. By using a software-defined controller to manage access
control policies, network administrators can more easily adapt to changing
security requirements and ensure that only authorized users and devices are
granted access to sensitive resources.

29
Zero Trust – The Networking Level

For example, an SDN-enabled network might use a centralized policy

controller to dynamically assign access privileges based on contextual factors
such as user identity and device security posture. If a user attempts to access
a sensitive resource from an unsecured device, the policy controller could deny
the request or redirect the user to a secure device or network segment. This kind
of dynamic access control is difficult to implement using traditional network
security methods but can be relatively straightforward using SDN.

SDN is an architecture designed to make a network more flexible and easier

to manage. SDN centralizes management by abstracting the control plane from
the data forwarding function in the discrete networking devices. For SDA the
definition is more aligned with a zero-trust way of thinking.

3.4.2 SDA

Software-defined access (SD-Access) is a networking architecture that

enables dynamic network segmentation, role-based access control, and policy
automation. SD-Access is an extension of the software-defined networking
(SDN) paradigm that aims to simplify and automate access control by using
a centralized policy engine to enforce network policies.

Zero-trust security model and SD-Access share the same philosophy of

assuming that all network traffic is potentially malicious and should not be
trusted by default. Both approaches seek to minimize the attack surface of the
network and provide granular access control to network resources.

By using SD-Access in conjunction with a zero-trust security model,

an organization can ensure that only authorized users and devices are
allowed to access sensitive resources. SD-Access can provide dynamic network
segmentation, which means that network resources can be isolated into
different segments based on the security requirements of the applications and
data. Access to these segments can be granted on a need-to-know basis and can
be constantly re-evaluated based on contextual factors such as user identity,
device security posture, and network location.

In an SD-Access and zero-trust architecture, the network can automatically

adjust access policies based on contextual information such as location, device
type, and user identity. For example, a user attempting to access a sensitive
application from an untrusted device may be denied access or required to
authenticate using multi-factor authentication.

SD-Access gives network architects the tools to orchestrate key business

functions like onboarding, secure segmentation, IoT integration, and guest

30
 Zero Trust – The Networking Level

access. SD-Access automates user and device policy for any application across
the wireless and wired network via a single network fabric.

SD-Access benefits are:

• Simplified network management: SD-Access centralizes network management through policy-
based automation. It enables administrators to define and enforce access policies from a central
controller, simplifying network provisioning, configuration, and troubleshooting.
• Network segmentation: SD-Access allows for granular network segmentation based on user
roles, device types, or other contextual factors. This segmentation enhances security by isolating
different segments and controlling the flow of network traffic.
• Automated policy enforcement: SD-Access automates the enforcement of access policies,
ensuring consistent application of security controls across the network. This reduces the risk of
misconfiguration or human errors and improves overall security posture.
• Enhanced visibility and analytics: SD-Access provides greater visibility into network traffic,
user behavior, and application performance. This visibility enables proactive monitoring, faster
troubleshooting, and better insights for optimizing network performance and security.
• Scalability and flexibility: SD-Access is designed to scale and adapt to changing business needs.
It supports dynamic provisioning, easy scalability, and the ability to integrate new devices and
technologies seamlessly.

3.4.3 Tooling

I begin this section by defining and describing the toolset from Cisco I am using
later in this chapter for the actual implementation of zero-trust in the network.

3.4.3.1 Cisco ISE (Identity Services Engine)

The Cisco Identity Services Engine (ISE) is a network access control and
security policy management platform that can be used to implement a zero-trust
security model.

The ISE is designed to provide visibility and control over network access
by authenticating users and devices, enforcing access policies, and providing
endpoint compliance checks. ISE can integrate with various other Cisco security
technologies, such as Cisco Secure Firewall, to provide comprehensive network
security.

In a zero-trust security model, ISE can play a critical role in ensuring that
only authorized users and devices are granted access to network resources.
ISE can provide policy enforcement for dynamic network segmentation, micro-
segmentation, and context-based access control. This means that access to

31
Zero Trust – The Networking Level

network resources can be granted based on factors such as user identity, device
security posture, and network location, rather than simply allowing access
based on a user’s network credentials.

ISE can also provide identity and access management capabilities, such as
multi-factor authentication, single sign-on (SSO), and user provisioning. These
features can help to simplify access control and improve the user experience
while maintaining a strong security posture.

Additionally, ISE can provide continuous monitoring and threat detection

capabilities to identify anomalous behavior and potential security threats in
real-time. This can help organizations to quickly respond to security incidents
and mitigate potential damage.

3.4.3.2 Cisco DNA Center

The Cisco DNA Center is a software-based network management platform that

can be used to implement a zero-trust security model.

With the DNA Center, administrators can define policies for network
access based on a user’s identity, device type, location, and other contextual
factors. These policies can be enforced across the network using software-
defined networking (SDN) capabilities, such as network segmentation and
micro-segmentation. This approach allows administrators to create a zero-trust
environment, where all traffic is treated as potentially malicious and access to
network resources is granted on a need-to-know basis.

Some of the key capabilities of the DNA Center that enable a zero-trust
security model include:
• Software-defined access (SD-Access): This is an automated network segmentation technology
that allows administrators to define and enforce policies for user and device access. By using
SD-Access, administrators can segment the network based on user groups, device types, and
other contextual factors, and apply different policies to each segment.
• Identity services engine (ISE) integration: The DNA Center can be integrated with Cisco
ISE to provide network access control (NAC) and identity and access management (IAM)
capabilities. ISE can authenticate users and devices, enforce access policies, and provide
endpoint compliance checks.
• Analytics and assurance: The DNA Center provides real-time visibility into network traffic,
allowing administrators to detect anomalies and potential security threats. This feature can help
organizations quickly respond to security incidents and mitigate potential damage.
In summary, the Cisco DNA Center provides a comprehensive set of
capabilities that can be used to implement a zero-trust security model. By using

32
Discovering Diverse Content Through
Random Scribd Documents
operations must be greatly enlarged. We may one day see the whole
of the printing of the Museum a special department, like the
Clarendon or Cambridge University press, with a head and a staff of
its own, and carrying on operations by the side of which those I
have been describing will appear diminutive. At present the Museum
force and the Museum grant are nicely adapted to each other. With a
stronger staff we could easily spend much more money, with a
weaker staff we could not spend what we do. Every effort is of
course made to expend the full amount within the year, not only that
it may not return unused into the Exchequer, but, from consideration
to the just claims of our printers, who have engaged a number of
extra hands whom they cannot afford to keep idle. Hence, as I have
stated, we are content with a single revise, and deliberately prefer
systematic energy to minute accuracy. Misprints and other oversights
will, no doubt, be detected, which a more deliberate procedure
would have obviated. I do not desire to have the air of apologising
for a catalogue which, even if tried by a severe standard, will, I am
persuaded, be pronounced a creditable work; but I wish it to be
understood that these blemishes, as well as some defects of
arrangement manifested in long sets of cross-references, are not
unknown or overlooked. They will diminish as the work proceeds;
confident, meanwhile, of a generous construction, we are
deliberately of opinion that it is infinitely better to run the risk of
letting them pass than to open a door to the capital enemy of all
good administration—arrear. Other shortcomings are necessitated by
the fact that the Museum Library is not an inert mass, but a living
organism. You have not to deal with a closed collection of books like
the King's Library, whose authors are dead, and to which no addition
can ever be made. The very titles before you have been prepared
during the last forty years by twice forty persons of various
idiosyncrasies, whose work, with every care, it is often no easy
matter to harmonise. While the product of their heterogeneous
authorship is at press, the Accession Catalogue is in progress under
independent management; thousands of titles are annually written
and entered which will one day have to be amalgamated with the
general series, and discrepancies must sometimes occur. Moreover,
the catalogue of the world's literature partakes of the mobility of the
world itself. Designations are altered, as when successful generals
become barons, or popular churchmen bishops; anonymous authors
are brought to light; periodicals and works in progress are completed
or relinquished; errors are detected and corrected; improvements
and modifications are introduced. The catalogue of an institution like
the British Museum, dealing with a mass of matter already
accumulated, and intended to register an ever-accumulating mass of
matter for ever and ever, must not aspire to absolute perfection, and
can never attain finality.
A few words, in conclusion, upon the duty and interest of the
public to support the Museum undertakings, and the practical end at
which, as it seems to me, we ought to aim. The catalogue cannot, at
the present rate of progress, be completely printed in much less
than forty years. We shall all agree that this progress ought to be
accelerated, but this can only be by increased liberality from the
Treasury. This will be accorded in proportion to the Treasury's
conviction of the value of our work, and this conviction will greatly
depend upon the appreciation of this usefulness manifested by the
public. If we are to do a national work, we must have national
recognition. I am not at all using the language of complaint or
disappointment. It would be well worth the Museum's while to print
the catalogue for its own sake, even if it did not dispose of a single
copy; and in fact the number of subscriptions is very much what was
expected. I wish, however, that we could succeed in this, as in some
other things, beyond expectation. Something is probably to be
ascribed to the peculiarly quiet manner in which this great change
was effected. Mr. Bond's reforms "come not with observation." A
question which had been so long and clamorously agitated while
unripe was, being ripe, settled in a few conversations, and with a
little official correspondence, so noiselessly and unostentatiously,
that many of those most interested in the matter have never heard
of it. Many who have heard of it are probably under the impression
that the original high terms of subscription have been maintained.
This is not so. All the sections of the Accession Catalogue are now
issued for an annual subscription of £3; and all volumes of the
General Catalogue for an annual subscription of £3, 10s. This does
not bring it within the reach of every purse: still there must be many
students and men of letters in easy circumstances who would find it
well worth their while to secure on such terms a register of the
literature of the world. Our late lamented friend and colleague,
Professor Jevons, was a type of the class I have in my mind; and I
know that on the eve of his death he had determined to become a
subscriber. From another point of view it may be urged that to
support the Museum Catalogue is to take a long step towards the
attainment of the still grander object of a Universal Catalogue. At
present a Universal Catalogue is a Utopian Catalogue. I have the
greatest respect for those who have advocated it as an undertaking
immediately practicable. I have no doubt that the twentieth century
will speak of them as men before their age. But they are before it.
Their project is at present intricate, indefinite, intangible. They want
a base of operations. As Sir Henry Cole himself discerned when he
made his not altogether fortunate experiment of printing a specimen
article from the Museum Catalogue, this catalogue supplies such a
base. Let us know clearly what is in it and what is not; let whatever
it contains be put clearly before the world in type; and we shall be
able to proceed systematically and intelligently to fill up its lacunæ
from the catalogues of other libraries, and from the special
bibliographies which are increasing and multiplying year by year. In
saying "then" I would not foreshadow a date which many of this
generation may not hope to see. My aspiration is that the completion
of the Museum Catalogue in print may coincide with the completion
of the present century. This is an age of anniversary demonstrations.
When a great man dies he bequeaths to his country—his centenary.
It may be predicted that if the twentieth century finds the world at
peace it will be inaugurated with more displays and solemnities than
all preceding centuries together. Well, I do not know how we could
offer it a more acceptable gift than a register of almost all the really
valuable literature of all former centuries. Such a register the British
Museum Catalogue, if then completed, would afford; and a
precedent would be set for a similar issue every succeeding century,
or half or quarter century, as might be found most expedient, which
would show at one view what that particular interval of time had
effected for mankind in literature. Evidently, however, the catalogue
cannot at the close of this century be absolutely complete as
respects the Museum, as a host of accession titles will have been
growing up, a great part of which, coming after the volume which
would otherwise have included them has been printed, will be too
late to be comprised in the general alphabetical series. It may not,
perhaps, be too much to hope that the claims of culture upon the
State will by that time be sufficiently recognised to induce the
Government to bear the cost of reprinting the whole catalogue with
these titles, that the literary register may be as complete as possible,
and to provide for the regular repetition of the process at definite
intervals. If, however, this is not done, there is still another agent
that may be invoked. When the Museum shall have adopted
Photography as it has adopted Electricity; when it shall possess—and
I trust that long ere that period it will possess—a photographic
department, an established branch of its organisation in which, the
salaries of the staff being defrayed as in other departments by the
State, there will be no expense to be considered beyond the mere
cost of chemicals, there need be no limit to the reproduction of its
treasures. Sculptures, coins, and prints can be disseminated over
every hamlet; manuscripts can be multiplied indefinitely and
exchanged with foreign libraries for corresponding donations,
illustrative of English history and antiquities; foreign and country
scholars will be able to consult rare books and unique manuscripts
without leaving their arm-chairs; and, above all, the scattered
portions of the nearest approach the world will have made to a
Universal Catalogue may be brought together, digested into
alphabetical order, and, reproduced in facsimile by this beautiful art
—fit mate of Printing in that she too preserves what would else
perish, and brings light into many a dark place—be given to the
world.[86:1]
 FOOTNOTES:
[67:1] Read before the Library Association, Cambridge, Sept.
1882.
[86:1] This forecast of the service which photography might
render to library catalogues would seem to have been inspired by
the very spirit of prophecy. See, in the American Library Journal
for March 1899, an account by A. J. Rudolph of the success of the
Newberry Library, Chicago, "in printing a catalogue of the
accessions accumulated in the British Museum since 1880 to date,
in one general alphabet by the so-called blue-print process, a
method of photo-printing." If the Newberry Library can do this,
the British Museum ought to be able to incorporate its accession-
titles with the general catalogue, and reissue the latter from time
to time, as frequently recommended in this volume, and in a
remarkable article in the Quarterly Review for October 1898.
 THE PAST, PRESENT, AND FUTURE OF THE
BRITISH MUSEUM CATALOGUE[87:1]
The present and the future of the British Museum Catalogue are
so much more important than its past, that this part of our subject
must be touched with brevity. Resisting, therefore, every temptation
to expatiate upon the desert of ancient cataloguers, further than by
the observation that Moses and Homer were of the brotherhood, we
begin with June 21, 1759, when the Trustees of the British Museum,
which institution had been opened to the public in the preceding
January, recorded the following remarkable minute:—
"The Committee think proper to add that the requiring the
attendance of the officers during the whole six hours that the
Museum is kept open is not a wanton or useless piece of severity, as
the two vacant hours (if it is not thought a burden upon the officers)
might very usefully be employed by them in better ranging the
several collections; especially in the Department of Manuscripts, and
preparing catalogues for publication, which last the Committee think
so necessary a work that till it is performed the several collections
can be but imperfectly useful to the public."
From this we learn that the officers of the Museum had at that
primitive period of its history but two hours to spare from conducting
visitors over the building; that the Committee rather expected to be
censured for requiring any other duty from them; and that, though
the Trustees themselves thought catalogues useful and even
necessary, there were those who deemed otherwise. The Museum
Library dispensed with a printed catalogue until 1787, when one was
issued in two volumes folio, the work of three persons, two-thirds of
whose time was otherwise occupied. It would therefore be unjust as
well as unbecoming to criticise its many defects with asperity. The
compilers seem to have adopted as their principle that the
cataloguer who looks beyond the title-page is lost. They therefore
enter "The London Prodigal" and "Mucedorus" under Shakespeare
with no impertinent scepticism as to the authorship; bewilder
themselves with no nice distinctions between the William Bedloe
who wrote against Mahometanism in 1615, and the William Bedloe
who swore away the lives of Roman Catholics in 1680; and achieve
their crowning glory by cataloguing the thirty-three thousand Civil
War tracts at a stroke under "Anglia" as "a large collection of
pamphlets." If they had tried to do more they would probably have
done nothing. Their list, meagre in every sense, and at the present
day less interesting for what it contains than for what it does not
contain, served for twenty years, when a beginning was made
towards superseding it by the more elaborate performance of Sir
Henry Ellis and Mr. Baber. This catalogue, commenced in 1807, was
completed in 1819. The portion executed by Sir Henry Ellis has been
severely criticised. It was certainly unfortunate that pastor paganus
should have been treated as the equivalent of sacerdos ethnicus,
and Emanuel Prince of Peace mistaken for Emanuel King of Portugal.
Its virtue, however, of portable brevity, has rendered it so useful a
substitute for its colossal successor on those not unfrequent
occasions when the wood could not be seen for the trees, that those
thus beholden to it will be little inclined to deal hardly with its
notorious errors and deficiencies.
Ellis and Baber's catalogue had scarcely been completed ere the
need of a new one began to be felt, partly on account of the
magnificent donation of the 60,000 volumes and 20,000 pamphlets
of the King's Library. Notions of classification were then in the
ascendant, and in 1826 the Rev. T. Hartwell Horne, a bibliographer
famed for strict method and plodding industry, was engaged as a
temporary assistant to carry them out; together with Mr. (afterwards
Sir Frederic) Madden, Mr. Tidd Pratt, and other persons of literary
ability. Seldom has an undertaking so extensive left so little trace
behind it. Mr. Horne's assistants ascended to higher spheres, or
evaporated entirely, and when called upon in 1834 to report the
progress of the previous year, he could only state that he had
personally arranged the classes of "chemical and medical
philosophy"; the latter, indeed, under twenty divisions, with such
subdivisions as "Treatises on Plethora," "Treatises on the Vis
Medicatrix Naturæ," ""Use of Flagellation, Friction and Philtres." The
list may be commended to the study of those who think classification
a simple matter, or a classed catalogue serviceable otherwise than as
an index to an alphabetical one. Seven thousand pounds had been
expended upon the simple sorting of titles, a task merely preliminary
to that of printing them, which might be considered as at least
nearly half done, if only the influx of new titles could be stopped,
which was impossible. The Trustees wisely determined to throw no
more good money after bad; and the episode of classification came
to an end in July 1834. Mr. Baber, Keeper of Printed Books, had
already proposed a plan for a new printed catalogue, to be executed
under the superintendence of a single competent person, a
description denoting Panizzi, then "an extra assistant librarian." This
scheme was set aside in favour of a far inferior plan, by which the
execution of the catalogue was entrusted to four persons of very
unequal degrees of capacity, virtually independent of each other. The
consequence was that the little they did required to be done again.
Panizzi became head of the Printed Book Department in 1837, and
the long discussions which ensued between him and the Trustees
resulted eventually in the ninety-one famous rules which have since
formed the foundation of scientific cataloguing drawn up by him with
the assistance of Messrs. Winter Jones, Watts, Parry, and Edwards.
Their number has afforded a theme for much good-natured and ill-
natured satire; on examination, however, it will be found that a third
of them relate merely to arrangement, and that the remainder are
far from providing for all conceivable cases. It may be granted that
their complexity was incompatible with the Trustees' desire to
produce a printed catalogue at an early date, a desire in which their
officer was far from participating. The Trustees defeated their own
object, partly by allowing the catalogue to be commenced on so
extensive a scale; partly by requiring, or rather letting themselves be
thought to have required, that it should be actually printed, instead
of merely ready for press, by December 1844. This decision
necessitated printing in alphabetical succession, hence diverting
much of the force which should have been applied to compiling the
catalogue, to the correction of the press. It further condemned the
work to inevitable imperfection, since it was impossible to foresee
what titles would be required to be written under A, and such titles,
excluded from the printed volume embracing that letter, kept
continually turning up during the entire progress of the work. As the
imperfections of this volume (published in 1841) became more
notorious, the demand for a printed catalogue gradually died away,
and Panizzi was left in possession of his ideal—a manuscript
catalogue, executed with a thoroughness and on a scale which
seemed to render printing for ever impossible. This, as we shall see,
was destined to break down in its turn; and the great librarian's
objections to print have met with a practical refutation. At the same
time it must be candidly acknowledged that, although Panizzi was
wrong in abstract principle, he was right as regarded the
requirements of his own day. The collection of books was at the time
too limited to justify a printed catalogue, and not too extensive to
render a manuscript catalogue inconveniently unwieldy. Panizzi's
opposition to print was justifiable under the circumstances then
existing; his error was in failing to foresee and provide for the far
different state of things which he himself was calling into existence.
If, while maintaining the old order, he had recognised and promoted
the inevitable advent of the new, he would not have left the renown
of the introduction of print to a young officer of the Manuscript
Department, who, during the heat of the strife over the question of
print in 1848, was, as Sir Frederic Madden informed the Royal
Commission, "employed in seeing through the press the general
index to the Manuscript catalogues in the Reading Room. And I must
say that Mr. Bond has proved a most efficient and most praiseworthy
assistant."
Panizzi wanted a catalogue: he had framed the rules for it with
completeness and precision never imagined before his time, but he
was entirely averse to the catalogue being printed. In his report of
November 17, 1837, he declared it unreasonable to expect that the
public should spend the enormous sum that the printing of a
catalogue of the whole of such a library requires, to suit the
convenience of a small portion of the community. There was much
weight in the argument, and the propounder of it could not foresee
that he would himself in the long run overthrow it by the
extraordinary development he was destined to impart to the library,
and by consequence to the catalogue. When, eight years after the
date of the report just quoted, Panizzi's persevering efforts obtained
an annual grant of £10,000 to remedy the deficiencies of the library,
he started the catalogue on a road whose inevitable goal was print.
Library and catalogue increasing pari passu, it became abundantly
clear that recourse must some day be had to print for the mere sake
of reducing the bulk of the latter. This consummation was
accelerated by another of Panizzi's great measures—the introduction,
at the independent and almost simultaneous suggestion of Mr.
Wilson Croker and the late Mr. Roy, of the Library, of the system of
keeping up the catalogue by slips pasted on the leaf, and therefore
easily removable, thus preventing the disturbance of alphabetical
order. As this gave three thicknesses to the leaf, and the slips were
at first pasted widely apart, and were not, moreover, transcribed
with any special regard to economy of space, the hundred and fifty
volumes placed in the Reading Room in 1850 had swollen to fifteen
times that number by 1875. This development was attended by
another unforeseen consequence; it became actually more
expensive to transcribe the catalogue than to print it. The number of
transcribers employed to copy titles, of incorporators required to
assign these to their proper places, of binders' men to perform the
manual work, the incessant shifting and relaying, inserting new
leaves and dividing and rebinding old volumes, were attended by
financial results which frequently elicited communications from the
Treasury. One of these happened to arrive in 1875, shortly after the
writer of these pages had become Superintendent of the Reading
Room. Being now in a position to report upon the subject, he
pointed out what had long been exceedingly plain to him, that the
space available for the accommodation of the catalogue was all but
exhausted, and that on this ground alone it would be imperative to
reduce its bulk by printing at least a portion of it. In 1878 his
representations were renewed, this time with great encouragement
from Sir Charles Newton, then acting as Principal Librarian, but
nothing decisive was done until the accession of the late Principal
Librarian, Mr. E. A. Bond, in the autumn of the same year. Mr. Bond
had long made up his mind, on literary grounds, that the catalogue
ought to be printed; and finding himself now enabled to give effect
to his views, initiated negotiations with the Treasury which led in due
course to the desired result. In 1880 print was adopted for the
entries of all future additions to the library, thus putting an effectual
curb upon the growth of the catalogue. In 1881 the printing of the
catalogue as a whole was commenced, and has since been carried
on uninterruptedly. The order of publication was not at first
alphabetical, the Treasury's support having been partly gained by the
promise to deal, in the first instance, with the overgrown volumes in
various parts of the catalogue which would otherwise have required
rebinding and relaying. This accomplished, however, publication, as
had always been Mr. Bond's intention, glided into as close an
alphabetical sequence as is consistent with the fact that different
portions of the same letter are necessarily taken up simultaneously,
and that some are much more difficult to prepare for press than
others. With the adoption of print the history of the Museum
Catalogue may be said to terminate for the present, while its actual
condition will appear from the statement now to be given of the
progress hitherto made.
By the time that these pages see the light about 190 parts or
volumes of the catalogue will have been issued. Averaging the
number of entries as 5000 to a volume (notwithstanding that the
volumes have of late been made thicker), it will appear that 950,000
titles have been printed, or nearly one-third of the entire work,
allowing for the constant accession of new material during its
progress, as will be explained further on. This gives an average of
about twenty-four parts annually since the commencement of
printing in 1881; but as the amount of the Treasury grant did not
admit of the publication of more than fifteen parts annually for the
first two years, the average publication at present may be taken as
thirty. Speaking generally, it may be said that the catalogue is in type
from A to the end of G, and from V to the end of the alphabet. This
is nearly a third of the whole, and at the present rate of progress it
seems reasonable to conclude that the printing may be completed in
about twelve years. It should be hardly necessary to explain to the
reader who may be familiar with the appearance of the catalogue in
the Reading Room, that the ponderous folio he is accustomed to
there presents little resemblance to the parts as issued to
subscribers. Special copies of the latter, printed on one side of the
paper only, are laid down for Reading Room use on considerably
larger sheets of the strongest and toughest vellum paper procurable,
and thus the quartos are converted into folios. The printed strip
when pasted down occupies only the left side of the leaf, the blank
portion opposite, as well as that above and below, being reserved
for the additions continually accruing from the titles of new books
received after the printing of the volume,[96:1] which is further
supplied with guards to allow of interleaving. It has been computed
that each volume would contain 9000 titles, after which it must be
divided, and that the Reading Room will accommodate 2000
volumes, providing room for eighteen millions of titles, or, at the
present rate of cataloguing, for the accumulation of three centuries
to come. In 1880, just before the introduction of printing, there was
not room to place another volume. A column of the type used in
printing the catalogue weighs ten pounds, so that supposing the
work, when through the press, to consist of 600 volumes averaging
250 columns each, a million and a half pounds' weight of type will
have been employed.
From the preparation of the catalogue for strictly Museum
purposes, we pass to the arrangements for its issue to the public.
Here we are confronted by two very remarkable facts—one as
gratifying as the other is the reverse. For the original subscribers the
Museum Catalogue is one of the cheapest books in the world. At its
commencement it was not expected that more than fifteen parts
could be issued annually, and the annual subscription was fixed at
three pounds. In fact, however, the rate of publication has for some
years past averaged thirty parts, while the terms of subscription
remain unaltered. The subscription is, therefore, virtually reduced by
one-half, and the cost of each part, with its 250 columns and 5000
titles, is just two shillings. It may be doubted whether equal liberality
has ever been shown by any public institution. The case, however, of
the subscribers of the future is far otherwise, or rather say would be,
if such subscribers could exist. Nobody will take an imperfect
catalogue, and the sum required for the parts already printed is an
almost insuperable obstacle in the way of new subscribers, and an
effectual bar to the further dissemination of the catalogue, except by
donation. It would be well worth while to offer the parts already
printed as a bonus, at a nominal or greatly reduced price.
Unfortunately, however, the number of copies printed during the first
year was comparatively limited, and the impression, as regards
these, would be exhausted almost immediately. The difficulty would
disappear if the Museum possessed that indispensable auxiliary to its
progress, a photographic department, in which the photographer's
salary and the cost of chemicals should be paid by the State; thus
allowing photographic work to be done gratuitously for the
institution, and at a merely nominal rate for the public. In this case
the deficient volumes would be supplied without any expense
whatever, and the offer of the perfected sets to the public at a
nominal cost would probably ensure sufficient subscribers for the
remainder of the work. Until this great step towards the popular
dissemination of the Museum's treasures in all departments has
been taken, it will be necessary to reprint the earlier volumes of the
catalogue; and the £1500 required for this purpose might probably
be obtained from subscribers on condition of the other back volumes
being thrown in as a bonus at a greatly reduced price. The longer
the operation is delayed the more costly will it be for the Museum,
which runs the risk of eventually finding itself with a hundred sets,
mostly imperfect, on its hands, of which it will be impossible to get
rid otherwise than by donation. A subscription once commenced is
not likely to drop, as the value of a set of the catalogue depends
upon its completeness.
 It will now be naturally inquired, at what period may the
completion of the catalogue be looked for? The answer will be,
about the end of the century, if the Treasury grant is maintained at
its present figure. The amount expended in printing, inclusive of that
incurred for printing the titles of books added to the library, is about
£3000 annually. Two years ago the grant for purchases throughout
every department of the institution was reduced by two-fifths, and
only half the amount has as yet been restored. If a similar mistaken
spirit of economy had affected the grant for printing, the completion
of the catalogue must have been proportionately delayed. Any
expectation, therefore, which may be held out of the
accomplishment of the work by the end of the century, or any other
date, must be understood to be entirely subject to the action of the
Chancellor of the Exchequer, who has it in his power to retard
progress indefinitely, or interrupt it altogether. It must be
acknowledged that the behaviour of the Treasury towards this
department of the Museum service has hitherto been very liberal;
and that the grant for printing is as large as, with the numerous
other demands upon the library staff, can be employed to
advantage. The preparation of copy for the press, and its
subsequent correction and revision, occupy the entire time of several
of the best assistants; and, were absolute bibliographical accuracy
aimed at, would require that of several more. This cannot be had,
and all pretension to minute accuracy has invariably been
disclaimed. It has been felt all along that a number of trifling errors
are preferable to the huge and unpardonable error of not
accomplishing the work at all. From what has been said, it will be
apparent that the publication of this catalogue is carried on under
very different conditions from those habitual in similar undertakings.
Three thousand pounds a year must be spent upon it; or, as regards
Museum purposes, must be thrown away. Any balance unexpended
at the end of the financial year must revert to the Treasury, and
would be an uncompensated loss as regards the Museum. This
misfortune has hitherto been avoided—partly by an energy and
diligence on the part of the gentlemen employed, of which it is
impossible to speak too warmly or too gratefully—partly by a
resolute determination not to aim at an ideal perfection, which,
under the circumstances, would be absolutely mischievous.
Ordinary visitors to the library may from one point of view be
divided into two classes, those who are astonished that it has not
got every book in the world, and those who marvel that it possesses
so many books as it does. Nothing is commoner than the remark, "I
suppose you have everything that ever was printed," unless it is the
exclamation, "You surely do not keep all the rubbish!" These two
sets of ideas may be taken to represent the two tendencies which
affect every public library; and by consequence every complete
catalogue of its contents, that of mechanical accretion, and that of
intelligent selection. The operation of the Copyright Act is, of course,
responsible for most of the element of "rubbish" in the catalogue;
while a moment's thought will show the impossibility of making the
librarian a censor, and allowing him to exclude whatever might not
square with his prejudices or fancies. A considerable part of the
catalogue, therefore, must be devoted to recording publications of
little intrinsic value, but even here there is an important reservation
to be made. Time, which in so many instances abates the value of
what is really precious, makes in a fashion amends by bestowing
worth on what was once of little account. What would we not give
for a Court Gazette of the days of Augustus, or a list of odds at the
Olympic games? There is absolutely no telling what value the most
insignificant details of the nineteenth century may possess for the
nineteenth millennium: even now men of letters might find the same
intellectual stimulus in many a trivial page of the Museum Catalogue,
as a distinguished living orator is said to find in Johnson's Dictionary.
Next to this automatic factor in the increase of the catalogue may be
named the element of seeming accident—the addition to the library
of various classes of books, now at one time, now at another, as
apparent chance, but actual law has prescribed. If we can imagine
the various constituents of the Museum Library piled upon one
another in chronological sequence, and a shaft driven down from the
top, we may conceive ourselves coming upon a succession of strata,
as the geologist finds when he bores for coal, or the archæologist
when he explores the site of a city where men have dwelt from the
age of Hercules to the age of Heraclius. The Museum was founded
by a great physician; the library, therefore, rests upon a sound
substratum of old medical books. The King was the next important
benefactor; next above early medicine and natural history,
accordingly, comes a stratum of royal libraries from the first Tudor to
the last Stuart, each a miniature representative of the best literature
of its time. The Hanoverian sovereigns, though no great patrons of
letters, were diligent collectors of pamphlets: hence the priceless
collection of Civil War and other important tracts which immediately
succeeded the donations already mentioned. As the growth of the
Museum attracted further liberality ("To him that hath shall be
given"), the collection naturally took an impress from the tastes of
the private collectors by whom it was enriched. Hence abundant
wealth in classics and the early literature of the Latin family of
languages, accompanied by poverty in languages which the
collectors did not understand, and subjects for which they did not
care. When, thanks to Panizzi, the library at last obtained an
adequate grant for purchases, the librarian's own intelligence
became a much more important factor than formerly. To continue
our metaphor, the contents of the recent strata would be found far
more composite than of old, and more puzzling to the intellectual
geologist. He would come upon various fragmentary formations, as it
were, in which, trifling and remote effects of prodigious causes, he
would discern vestiges of the great events of the time. Thus the
growth of Greater Britain is legible in piles of colonial newspapers,
and the Paris Commune is represented by a mass of caricatures and
the scorched books of an Imperial Prince, literally saved out of the
fire. It is the librarian's business at once to profit by this tendency to
the accumulation of specialities, and to counteract it: to take
advantage of every opportunity that may arise of enriching the
library in definite directions, and at the same time of providing for
the steady influx of miscellaneous literature, alike of the past and of
the present as regards foreign nations: of English contemporary
literature the Copyright Act, as above explained, takes sufficient
care. It seems paradoxical, but it is true, that the Museum should be
the home both of the books which every one expects to find in it,
and of those which no one expects to find—of the literary freight
which can ride the ocean, and of that which would perish without
the haven of a public library. The catalogue must be the mirror of
the library, and it is not the least of the many advantages of print
that the public have now much better means than formerly of
judging how the most difficult functions of librarianship have been
understood and discharged at the Museum. In this connection
mention may be made of a minor feature of the publication of the
catalogue of considerable importance: the issue of extra copies of
special articles as excerpts, sold separately at the lowest possible
price. In this manner bibliographies, complete as far as the Museum
collections are concerned, of Aristotle, Bacon, Bunyan, Byron, Dante,
Goethe, and other writers of special importance have been issued.
These should be of great value to students, and would probably
have a large sale if their existence were more generally known. At
present, like other Museum publications, they suffer from imperfect
publicity. Another very valuable appendix to the catalogue of printed
books is the catalogue of maps and plans, reduced, under Professor
Douglas's direction, from upwards of three hundred of MS. to two
volumes of print as issued to the public, or fourteen as laid down for
use in the Reading Room. The four hundred and fifty MS. volumes of
the catalogue of music, it is hoped, are on the eve of undergoing
similar treatment.
Apart from the errors which must inevitably creep into so vast a
work, dealing with such a variety of languages and literatures, and
now in progress for more than fifty years, a considerable amount of
imperfection is evidently inseparable from the very nature of the
undertaking. It does not and cannot represent the condition of the
library at any given moment. The volumes containing A, for
example, will comprise the books under that letter possessed by the
Museum in 1882 or 1883; but T, which for reasons which we have
no space to explain, will probably be the last letter to be printed, will
represent the condition of the library, as regards that letter, about
the year 1900. During the whole progress of the catalogue an
incessant shower of new titles representing the new books
continually being acquired, will have been descending at the rate of
some 40,000 a year. Those belonging to letters not yet at press will
have been taken up and absorbed by the catalogue in its progress;
those belonging to the letters already in type must fall into a
supplement. The article Thackeray, therefore, will be more complete
than Dickens, and Thucydides than Herodotus. As concerns the
student at the Museum, this is of no importance; the additions being
regularly incorporated in the Reading Room catalogue in the manner
above described. The catalogue as issued to subscribers, however, is
necessarily imperfect and irregular. Supposing, for example, that
Lord Tennyson and Mr. Browning were to simultaneously publish
translations of Homer when the printing of the catalogue had
reached the article Jones, Lord Tennyson's version would appear
under Tennyson, but not under Homer, and Mr. Browning's version
would not appear at all. There is but one way of obtaining a perfect
index to the condition of the national library at a given time: the
catalogue must be reprinted along with the numerous accessions
which have been accumulating while the first edition has been going
through the press—a national undertaking which will commend itself
to men of letters more readily than to ministers of finance. Should,
however, the completion of the catalogue nearly coincide with the
commencement of the twentieth century, it may be hoped that this
will be one of the many ways in which, if the new century does not,
like its predecessors, find the nation traversing a crisis, the epoch
will assuredly be commemorated. It would remain to provide for the
regular reprinting of the catalogue with its accessions at intervals,
say of a quarter of a century. England would then possess a
complete index to the growth of the national library, and the world
would have the nearest approach to a register of all literature that,
in the absence of any feasible scheme for a universal catalogue by
co-operation among public libraries, it seems likely to obtain. Even
this more ambitious project might be promoted if public libraries
would consent to take the Museum Catalogue as a basis, and publish
lists of such of their own books as are not to be found in it. By this
means the expense and labour of cataloguing would be very greatly
reduced, and the combination of these lists with the Museum
Catalogue, when this came to be printed for the third time, say
about 1925, would at last provide the desideratum of a universal
register of literature.
Ambitious undertakings like these, however, depend upon the co-
operation of many governments and many institutions. We can
speak with more confidence of the efforts of the Museum to provide
what is only second in importance to the catalogue itself—a
classified index of its contents. With this object in view several
copies of the catalogue are printed on one side only, that when
completed they may be cut up, and the titles sorted according to
subject, and re-arranged in classified lists. Thus by simply putting
together all titles bearing the press mark E, we shall obtain a
separate catalogue of the Civil War Tracts; and a similar proceeding
as respects the titles marked F, will afford a similar catalogue of the
Croker collection of pamphlets on the French Revolution. Classed
indexes to the literature of any subject can be made with equal
facility, and as several copies of the catalogue will be available for
treatment in the manner suggested, they may be varied for different
objects, or to suit different systems of classification. For all strictly
Museum purposes it would suffice to paste the titles excerpted on
sheets of paper, but any of the indexes thus prepared might be
printed and published. The only difficulty or delay would arise from
the incorporation of the supplementary titles, which, as already
explained, will have been continually added during the printing of
the catalogue, and even this could be obviated by reprinting the
entire catalogue as suggested above.
These hints, imperfect as they are, should convince the reader
that the future of the Museum Catalogue, supposing the institution
to be maintained in its present condition of efficiency, will not be less
remarkable than its past. It will continue to make demands on the
liberality of successive generations, which will be the more readily
met the more the voluminous development of literature enforces the
conviction that, next to positive addition to the world's stock of
information, the most important service to culture is the preserving,
arranging, and rendering accessible the stores which the world
already possesses. The recovery of the catalogue of the Alexandrian
Library, if a less delightful, would probably be a more substantial
gain to knowledge than the recovery of any individual author. But
what the literature of the world is to the literature of ancient Greece,
the Catalogue of the British Museum is to that of the Alexandrian
Library.

FOOTNOTES:
[87:1] Universal Review, October 1888.
[96:1] Soon after this was printed, three columns instead of
one were left blank, as the writer had recommended from the
first.
Welcome to our website – the ideal destination for book lovers and
knowledge seekers. With a mission to inspire endlessly, we offer a
vast collection of books, ranging from classic literary works to
specialized publications, self-development books, and children's
literature. Each book is a new journey of discovery, expanding
knowledge and enriching the soul of the reade

Our website is not just a platform for buying books, but a bridge
connecting readers to the timeless values of culture and wisdom. With
an elegant, user-friendly interface and an intelligent search system,
we are committed to providing a quick and convenient shopping
experience. Additionally, our special promotions and home delivery
services ensure that you save time and fully enjoy the joy of reading.

Let us accompany you on the journey of exploring knowledge and

personal growth!

ebooknice.com