Building and maintaining complex distributed systems
June 19–20, 2017: Training
June 20–22, 2017: Tutorials & Conference
San Jose, CA

Zero Trust networks: Building systems in untrusted networks

Douglas Barth (Stripe), Evan Gilman (N/A)
2:10pm–2:50pm Thursday, June 22, 2017
Location: LL21 E/F
Level: Intermediate
Average rating: 3.67 (3 ratings)

Who is this presentation for?

  • Network, systems, and security engineers (especially those responsible for secure architecture)

Prerequisite knowledge

  • A general understanding of networks, network security, and automation tools
  • Familiarity with how attackers gain access to a network and move around

What you'll learn

  • Explore Zero Trust, a new security model that considers all parts of the network to be equally untrusted
  • Learn how to build a more secure system by leveraging expected access patterns and automation (with less effort than a traditional perimeter model)


Let’s face it. The perimeter-based architecture has failed us. Today’s attack vectors can easily defeat expensive stateful firewalls and evade IDS systems. Perhaps even worse, a perimeter tricks people into believing that the network behind it is somehow “safe,” despite the fact that chances are overwhelmingly high that at least one device on that network is already compromised.

It is time to consider an alternative approach. Zero Trust is a new security model that considers all parts of the network to be equally untrusted. Taking this stance dramatically changes the way we implement security systems. For instance, how useful is a perimeter firewall if the networks on either side are equally untrusted? What is your VPN protecting if the network you’re dialing into is untrusted? The Zero Trust architecture is very different indeed.

Doug and Evan explore the Zero Trust model itself, why it’s so important, what a Zero Trust network looks like, and what components are required to actually meet the challenge. Along the way, they show how to leverage a network’s strengths by combining traditional SRE security approaches with novel technological arrangements, using software and hardware to secure the systems operating in those networks.

Douglas Barth


Doug Barth is a site reliability engineer at Stripe. Doug has a deep interest in software, hardware, and production systems and has spent his career using computers to solve hard problems. He helped deploy PagerDuty’s IPsec mesh network and is now writing Zero Trust Networks.

Evan Gilman


Evan Gilman is a site reliability engineer currently focusing on Zero Trust research. With roots in academia, Evan finds passion in both reliable, performant systems and the networks they run on. When he’s not building automated network systems, he can be found at the nearest pinball table or working on his upcoming book, Zero Trust Networks.