Zero Trust in Resilient Cloud and Network Architectures
- By Josh Halley, Dhrumil Prajapati, Ariel Leza, Vinay Saini
- Published Jun 26, 2025 by Cisco Press. Part of the Networking Technology series.
eBook
- Your Price: $51.19
- List Price: $63.99
- Estimated Release: Jun 26, 2025
- Includes EPUB and PDF
- Copyright 2025
- Edition: 1st
- eBook
- ISBN-10: 0-13-820452-7
- ISBN-13: 978-0-13-820452-5
Zero Trust in Resilient Cloud and Network Architectures, written by a team of senior Cisco engineers, offers a real-world, hands-on guide to deploying automated architectures with a focus on segmentation at any scale, from proof-of-concept to large, mission-critical infrastructures. Whether you're new to software-defined and cloud-based architectures or looking to enhance an existing deployment, this book will help you:
- Implement Zero Trust: Segment and secure access while mitigating IoT risks
- Automate Network Operations: Simplify provisioning, authentication, and traffic management
- Deploy at Scale: Follow best practices for resilient and secure enterprise-wide network rollouts
- Integrate with Cloud Security: Bridge on-prem and cloud environments seamlessly
- Learn from Real-World Case Studies: Gain insights from the largest Cisco enterprise deployments globally
This edition covers Meraki, EVPN, Pub/Sub, and Terraform- and Ansible-based deployments, with a key focus on network resilience and survivability. It also explores quantum security and Industrial Zero Trust, along with Cisco's latest evolutions in software-defined networking, providing exclusive insights into its enhancements, architecture improvements, and operational best practices. If you're a network, security, or automation specialist, this book is your essential guide to building the next-generation, zero-trust network.
Table of Contents
Introduction xxxix
Chapter 1 Zero Trust Demystified 1
Definition of Zero Trust 1
How It All Began 2
Why We Need Zero Trust 3
Core Principles of Zero Trust 5
Major Zero Trust Industry Standards 11
People, Processes, and Technology 15
On-Premises vs. Cloud 19
Hybrid Environment Recommendations 23
Security Certifications 24
Summary 26
References 27
Chapter 2 Secure Automation and Orchestration Overview 29
Introduction to Automation and Orchestration 29
Building Blocks of Secure Automation 35
Common Automation Practices and Tools 40
AI and Machine Learning with Automation 47
Summary 52
Chapter 3 Zero Trust Network Deployment 53
Elements of Zero Trust Strategy Definitions 54
Tools and Technologies 63
Identifying Business Workflows 66
Applying Zero Trust Using SSE 67
ZTNA Deployment Scenarios 71
Summary 74
Chapter 4 Security and Segmentation 75
Overview 75
Segmentation Options 76
Methods of TrustSec Transport 91
Control Plane TrustSec Transport 96
Summary 101
Chapter 5 DHCP and Dynamic Addressing Concepts 103
Introduction to Dynamic Addressing 103
Zero Trust Approach to Dynamic Addressing 109
DHCP Options 113
DHCP Authentication 114
IPv6 Address Assignment 115
IPv6 First Hop Security 123
Summary 126
Chapter 6 Automating the Campus 127
Overview 127
Planning 128
Execution 135
Summary 147
References 147
Chapter 7 Plug-and-Play and Zero-Touch Provisioning 149
Overview 149
Plug-and-Play Provisioning 150
Zero-Touch Provisioning 165
Template Usage in Catalyst Center 169
Programmability-Based Deployment 172
Customer Use Cases 177
Summary 183
Chapter 8 Routing and Traffic Engineering 185
Overview 185
Routing 187
Traffic Engineering 212
Summary 218
References 218
Chapter 9 Authentication and Authorization 219
Overview 219
A Broader View of Identity 220
Authentication and Authentication Methods 223
Authorization 243
Customer Use Cases 249
Summary 252
Chapter 10 Quantum Security 253
What Is Quantum Computing? 253
Quantum Computing and Emerging Security Threats 265
Approaches to Safeguard Against Quantum Adversaries 270
Summary 278
Chapter 11 Network Convergence and Considerations 279
What Is Convergence? 279
Convergence in Layer 3 Routed Architectures 281
Methodologies of Convergence Testing 300
Monitoring Security Convergence 308
Summary 314
Chapter 12 Software-Defined Network Deployment Best Practices 315
Introduction 315
Network Deployment Lifecycle 317
Stage 1: Planning and Design 318
Stage 2: Deployment and Migration 324
Stage 3: Operations and Management 330
Summary 335
References 336
Chapter 13 Wired and Wireless Assurance 337
What Is the Best Practice for Your Enterprise Architecture? 337
Wired Network Best Practice Design Concepts 338
Tiered Network Design 340
Stacking Constructs 342
Layer 3 Architectures 343
Optimizing Wireless Networks 344
Anchoring Concepts (Catalyst/Meraki) 351
Monitoring TrustSec and Security Enforcement 354
Case Study: Financial Sector Customer 358
Summary 360
Chapter 14 Large-Scale Software-Defined Network Deployment 361
Introduction 361
Network Design 362
Security 367
Automation 369
Implementation: Kyle and Jason Go to Fast Burger 377
Summary 379
Chapter 15 Cloud-Native Security Foundation 381
Introduction to Cloud-Native Security: A Zero Trust Perspective 381
Cloud Infrastructure Security: Pillars and Practices in the Modern Cloud 393
Key Management in Cloud Environments 400
Network Security Evolution and Segmentation 404
Navigating Multicloud and Hybrid Cloud Security 413
Monitoring and Logging Requirements for Compliance 421
Summary 435
References 436
Chapter 16 Cloud-Native Application Security 437
Introduction to Cloud-Native Application Security 437
Role of Cloud-Native Application Protection Platform (CNAPP) 458
Building Secure Applications with Cloud-Native Security 460
Unique Security Considerations for Serverless Architectures 470
Emerging Trends and Future Outlook in Cloud-Native Security 482
Summary 485
References 486
Chapter 17 Data Center Segmentation On-Prem to the Cloud 487
Introduction to Data Center Segmentation in Hybrid and Multicloud Environments 487
Zero Trust and Microsegmentation Principles for Segmentation 489
Segmentation Challenges in Hybrid and Multicloud Environments 491
Ways to Implement End-to-End Segmentation Policies with Zero Trust 493
Ways to Migrate Segmentation Policies: From On-Premises to Cloud 496
Web3 and Immutable Trust in Hybrid Cloud Segmentation 514
Summary 534
References 534
Chapter 18 Using Common Policy to Enforce Security 535
Introduction to Security Policies 535
Designing Common Security Policies 536
Policy Enforcement Mechanisms 539
Identity and Access Management (IAM) Policies 541
Data Protection and Privacy Policies 543
Network Security Policies 543
From SDLC to SDL to SSDLC: A Journey Toward Secure Software Development 544
OWASP SAMM: A Framework for Security Maturity 557
Monitoring, Logging, and Auditing Policies 563
Incident Response and Remediation Policies 564
Policy Compliance and Verification 564
Challenges in Policy Enforcement Across Hybrid Environments 565
Future Directions in Policy-Based Security 565
Summary 568
References 569
Chapter 19 Workload Mobility: On-Prem to Cloud 571
Definition and Scope of Workload Mobility 571
Is Your Cloud Ready for Your Workloads? Understanding the Benefits and Challenges 572
Choosing a Cloud Model with Zero Trust as the Goal 579
Analysis of TCO and ROI for Workload Migration 581
Building Out a Secure Migration Plan 583
Integrating AWS's Well-Architected Framework: Case Study of ABC Corp 587
Workload Migration Frameworks and Tools 589
Data Security During Workload Migration 593
Data Transfer vs. Cloud Migration: An Overview 598
Cloud Migration Security 604
Quality Engineering: The Heart of Cloud Migration 614
Network and Connectivity Considerations 616
Managing IP Addressing and DNS Changes 637
Ensuring High Availability and Disaster Recovery Readiness 643
Security Posture Adjustment Post-Migration 645
Identity and Access Management in Hybrid Environments 649
Summary 664
References 665
Chapter 20 Resilience and Survivability 667
Resilience Metrics 667
Types of Resilience 671
Software Resilience 674
Resilience in the Cloud 676
Consequences of Authentication and Authorization Resilience 681
Client and Server Agent Resilience 684
Audit Trail Resilience 686
Proactive Resilience Validation 689
Network Infrastructure Resilience Consideration 690
Summary 690
Chapter 21 Zero Trust in Industrial Manufacturing Vertical 691
Introduction to Industrial Networking 691
Pillars of ZTNA for Industrial Plant Networks 696
Secure Remote Access with ZTNA 706
Extending ZTNA in a Noncarpeted Environment with Cisco SD-Access 710
Summary 715
Chapter 22 Third-Party SDN Integrations 717
Introduction to Third-Party SDN Integrations 717
End-to-End Policy Strategy in a Multivendor Environment 718
Benefits of End-to-End Segmentation 718
Challenges in Multivendor Environments 719
Why VXLAN-EVPN? 723
BGP EVPN Detailed Traffic Flow and Architecture 725
Security Considerations in the Campus 727
Firewall Connectivity in the Campus 728
Third-Party Vendor Firewall Policy Integration 735
Highly Resilient Firewall Integrations 740
Summary 743
References 743
Chapter 23 Infrastructure as Code (IaC) 745
Introduction 745
Evolution of Automation in Network Device Deployment and Management 746
Working with Structured Data 758
Revision Control 761
Building a Data Model 764
Network Controllers vs. Direct to Device 765
Deploying an IaC Architecture 766
Securing IaC Provisioning 769
Deploying a Resilient as Code Infrastructure 772
As Code Today 773
Transitioning to a Network as Code 774
Pre-Validation in the Physical Replica or a Digital Twin 775
Summary 776