I’m losing hair trying to reconcile Zero Trust Architecture (ZTA) and Secure Authenticated and Authorized Connections. The ZTA people who truly believe it’s an architecture and not a product are closer to understanding the holy grail; however, as I continue to muddle around in this space there are plenty of caveats, like assuming nothing else fails.
But the problem with this approach is that security officers are still waving magic wands like a magician.
If you understand that the boundary between a VM guest and its host is jail-like, and that the same holds for Docker guests and their host, then where Docker/container implementations support encrypted, microsegmented SDN they are most vulnerable when the guest is an OS plus an app, which it usually is. But when it is just application to application, the application itself becomes the attack vector: for example, a SQL injection that might reveal a complete customer list. That does reduce the surface area, but, just as with VMs, a host compromise is still critical.
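As an added illustration of that point (example code, not from the original post), here is the application-level hole that microsegmentation does not close: the same customer lookup written with string concatenation, where a crafted name returns the whole customer list, and with a bound parameter, where it returns nothing. The table and rows are constructed sample data.

```python
import sqlite3


def make_db():
    # Constructed sample data: a tiny in-memory customers table.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [
            ("Alice", "alice@example.com"),
            ("Bob", "bob@example.com"),
            ("Carol", "carol@example.com"),
        ],
    )
    return conn


def lookup_vulnerable(conn, name):
    # The caller's input is spliced into the SQL text, so it can change the
    # WHERE clause itself; this is the bug that leaks the whole table.
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # The input is bound as data; the database never parses it as SQL,
    # so a quote or OR in the name only ever matches a literal name.
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, probe))      # every customer
    print("parameterized:", lookup_parameterized(db, probe))  # []
```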