
Zero Trust in Resilient Cloud and Network Architectures

eBook

  • Your Price: $51.19
  • List Price: $63.99
  • Estimated Release: Jun 26, 2025
  • Includes EPUB and PDF

  • Copyright 2025
  • Edition: 1st
  • eBook
  • ISBN-10: 0-13-820452-7
  • ISBN-13: 978-0-13-820452-5

Zero Trust in Resilient Cloud and Network Architectures, written by a team of senior Cisco engineers, offers a real-world, hands-on guide to deploying automated architectures with a focus on segmentation at any scale, from proof-of-concept to large, mission-critical infrastructures. Whether you're new to software-defined and cloud-based architectures or looking to enhance an existing deployment, this book will help you:

  • Implement Zero Trust: Segment and secure access while mitigating IoT risks
  • Automate Network Operations: Simplify provisioning, authentication, and traffic management
  • Deploy at scale following best practices for resilient and secure enterprise-wide network rollouts
  • Integrate with Cloud Security, bridging on-prem and cloud environments seamlessly
  • Learn from Real-World Case Studies: Gain insights from the largest Cisco enterprise deployments globally

This edition covers Meraki, EVPN, Pub/Sub, and Terraform- and Ansible-based deployments with a key focus on network resilience and survivability. It also explores quantum security and Industrial Zero Trust, along with Cisco's latest evolutions in software-defined networking, providing exclusive insights into its enhancements, architecture improvements, and operational best practices. If you're a network, security, or automation specialist, this book is your essential guide to building the next-generation, zero-trust network.

Table of Contents

    Introduction xxxix

Chapter 1 Zero Trust Demystified 1

    Definition of Zero Trust 1

    How It All Began 2

    Why We Need Zero Trust 3

    Core Principles of Zero Trust 5

    Major Zero Trust Industry Standards 11

    People, Processes, and Technology 15

    On-Premises vs. Cloud 19

    Hybrid Environment Recommendations 23

    Security Certifications 24

    Summary 26

    References 27

Chapter 2 Secure Automation and Orchestration Overview 29

    Introduction to Automation and Orchestration 29

    Building Blocks of Secure Automation 35

    Common Automation Practices and Tools 40

    AI and Machine Learning with Automation 47

    Summary 52

Chapter 3 Zero Trust Network Deployment 53

    Elements of Zero Trust Strategy Definitions 54

    Tools and Technologies 63

    Identifying Business Workflows 66

    Applying Zero Trust Using SSE 67

    ZTNA Deployment Scenarios 71

    Summary 74

Chapter 4 Security and Segmentation 75

    Overview 75

    Segmentation Options 76

    Methods of TrustSec Transport 91

    Control Plane TrustSec Transport 96

    Summary 101

Chapter 5 DHCP and Dynamic Addressing Concepts 103

    Introduction to Dynamic Addressing 103

    Zero Trust Approach to Dynamic Addressing 109

    DHCP Options 113

    DHCP Authentication 114

    IPv6 Address Assignment 115

    IPv6 First Hop Security 123

    Summary 126

Chapter 6 Automating the Campus 127

    Overview 127

    Planning 128

    Execution 135

    Summary 147

    References 147

Chapter 7 Plug-and-Play and Zero-Touch Provisioning 149

    Overview 149

    Plug-and-Play Provisioning 150

    Zero-Touch Provisioning 165

    Template Usage in Catalyst Center 169

    Programmability-Based Deployment 172

    Customer Use Cases 177

    Summary 183

Chapter 8 Routing and Traffic Engineering 185

    Overview 185

    Routing 187

    Traffic Engineering 212

    Summary 218

    References 218

Chapter 9 Authentication and Authorization 219

    Overview 219

    A Broader View of Identity 220

    Authentication and Authentication Methods 223

    Authorization 243

    Customer Use Cases 249

    Summary 252

Chapter 10 Quantum Security 253

    What Is Quantum Computing? 253

    Quantum Computing and Emerging Security Threats 265

    Approaches to Safeguard Against Quantum Adversaries 270

    Summary 278

Chapter 11 Network Convergence and Considerations 279

    What Is Convergence? 279

    Convergence in Layer 3 Routed Architectures 281

    Methodologies of Convergence Testing 300

    Monitoring Security Convergence 308

    Summary 314

Chapter 12 Software-Defined Network Deployment Best Practices 315

    Introduction 315

    Network Deployment Lifecycle 317

    Stage 1: Planning and Design 318

    Stage 2: Deployment and Migration 324

    Stage 3: Operations and Management 330

    Summary 335

    References 336

Chapter 13 Wired and Wireless Assurance 337

    What Is the Best Practice for Your Enterprise Architecture? 337

    Wired Network Best Practice Design Concepts 338

    Tiered Network Design 340

    Stacking Constructs 342

    Layer 3 Architectures 343

    Optimizing Wireless Networks 344

    Anchoring Concepts (Catalyst/Meraki) 351

    Monitoring TrustSec and Security Enforcement 354

    Case Study: Financial Sector Customer 358

    Summary 360

Chapter 14 Large-Scale Software-Defined Network Deployment 361

    Introduction 361

    Network Design 362

    Security 367

    Automation 369

    Implementation: Kyle and Jason Go to Fast Burger 377

    Summary 379

Chapter 15 Cloud-Native Security Foundation 381

    Introduction to Cloud-Native Security: A Zero Trust Perspective 381

    Cloud Infrastructure Security: Pillars and Practices in the Modern Cloud 393

    Key Management in Cloud Environments 400

    Network Security Evolution and Segmentation 404

    Navigating Multicloud and Hybrid Cloud Security 413

    Monitoring and Logging Requirements for Compliance 421

    Summary 435

    References 436

Chapter 16 Cloud-Native Application Security 437

    Introduction to Cloud-Native Application Security 437

    Role of Cloud-Native Application Protection Platform (CNAPP) 458

    Building Secure Applications with Cloud-Native Security 460

    Unique Security Considerations for Serverless Architectures 470

    Emerging Trends and Future Outlook in Cloud-Native Security 482

    Summary 485

    References 486

Chapter 17 Data Center Segmentation On-Prem to the Cloud 487

    Introduction to Data Center Segmentation in Hybrid and Multicloud Environments 487

    Zero Trust and Microsegmentation Principles for Segmentation 489

    Segmentation Challenges in Hybrid and Multicloud Environments 491

    Ways to Implement End-to-End Segmentation Policies with Zero Trust 493

    Ways to Migrate Segmentation Policies: From On-Premises to Cloud 496

    Web3 and Immutable Trust in Hybrid Cloud Segmentation 514

    Summary 534

    References 534

Chapter 18 Using Common Policy to Enforce Security 535

    Introduction to Security Policies 535

    Designing Common Security Policies 536

    Policy Enforcement Mechanisms 539

    Identity and Access Management (IAM) Policies 541

    Data Protection and Privacy Policies 543

    Network Security Policies 543

    From SDLC to SDL to SSDLC: A Journey Toward Secure Software Development 544

    OWASP SAMM: A Framework for Security Maturity 557

    Monitoring, Logging, and Auditing Policies 563

    Incident Response and Remediation Policies 564

    Policy Compliance and Verification 564

    Challenges in Policy Enforcement Across Hybrid Environments 565

    Future Directions in Policy-Based Security 565

    Summary 568

    References 569

Chapter 19 Workload Mobility: On-Prem to Cloud 571

    Definition and Scope of Workload Mobility 571

    Is Your Cloud Ready for Your Workloads? Understanding the Benefits and Challenges 572

    Choosing a Cloud Model with Zero Trust as the Goal 579

    Analysis of TCO and ROI for Workload Migration 581

    Building Out a Secure Migration Plan 583

    Integrating AWS's Well-Architected Framework: Case Study of ABC Corp 587

    Workload Migration Frameworks and Tools 589

    Data Security During Workload Migration 593

    Data Transfer vs. Cloud Migration: An Overview 598

    Cloud Migration Security 604

    Quality Engineering: The Heart of Cloud Migration 614

    Network and Connectivity Considerations 616

    Managing IP Addressing and DNS Changes 637

    Ensuring High Availability and Disaster Recovery Readiness 643

    Security Posture Adjustment Post-Migration 645

    Identity and Access Management in Hybrid Environments 649

    Summary 664

    References 665

Chapter 20 Resilience and Survivability 667

    Resilience Metrics 667

    Types of Resilience 671

    Software Resilience 674

    Resilience in the Cloud 676

    Consequences of Authentication and Authorization Resilience 681

    Client and Server Agent Resilience 684

    Audit Trail Resilience 686

    Proactive Resilience Validation 689

    Network Infrastructure Resilience Consideration 690

    Summary 690

Chapter 21 Zero Trust in Industrial Manufacturing Vertical 691

    Introduction to Industrial Networking 691

    Pillars of ZTNA for Industrial Plant Networks 696

    Secure Remote Access with ZTNA 706

    Extending ZTNA in a Noncarpeted Environment with Cisco SD-Access 710

    Summary 715

Chapter 22 Third-Party SDN Integrations 717

    Introduction to Third-Party SDN Integrations 717

    End-to-End Policy Strategy in a Multivendor Environment 718

    Benefits of End-to-End Segmentation 718

    Challenges in Multivendor Environments 719

    Why VXLAN-EVPN? 723

    BGP EVPN Detailed Traffic Flow and Architecture 725

    Security Considerations in the Campus 727

    Firewall Connectivity in the Campus 728

    Third-Party Vendor Firewall Policy Integration 735

    Highly Resilient Firewall Integrations 740

    Summary 743

    References 743

Chapter 23 Infrastructure as Code (IaC) 745

    Introduction 745

    Evolution of Automation in Network Device Deployment and Management 746

    Working with Structured Data 758

    Revision Control 761

    Building a Data Model 764

    Network Controllers vs. Direct to Device 765

    Deploying an IaC Architecture 766

    Securing IaC Provisioning 769

    Deploying a Resilient as Code Infrastructure 772

    As Code Today 773

    Transitioning to a Network as Code 774

    Pre-Validation in the Physical Replica or a Digital Twin 775

    Summary 776

9780138204600, TOC, 5/5/2025
