top of page
Search
  • Phil Venables
    • May 22, 2021
    • 2 min read

Segmentation Technologies / Zero Trust

I first came across the notion of doctrine vs. structure in this depiction about the relative positioning of tanks from some blog or tweet I can’t now recall. It has stuck with me for a few months, not because I’m particularly interested in tanks, but rather because I really like this notion of thinking of doctrine (the intent of use, or overall philosophy of approach) as being something separate from structure (the thing you intend to use for that doctrinal purpose and how is it structured/built).



You can look across a whole set of spaces from technology to security and start to unpick the doctrine and structure, and position particular technologies on those axes. In doing so I find it forces you to think a bit harder about whether one set of features, technologies or products are being used in the right way. One example, below, is a quick stab at a chart for segmentation technologies (one element of, so called, zero trust architectures).


To be clear, I’m not saying this is complete or correct, it’s an illustrative example. But it is interesting to look at it this way and in particular look at what it doesn’t show. For example, I can’t think of a doctrine purist and structure neutral technology in this context. Perhaps you can? Perhaps there shouldn’t be one? Or maybe there should be and this is in fact a new technology category (if so, good luck with that, let me know what you build).


The other reason I like this approach is it does not mean that you only get to pick one technology to achieve the goal, in this case, segmentation in a zero trust context. Rather, it means you select a range of options to apply in the context of where that combination of technologies are meant to be used. Just like on a battlefield you get to pick a range of armored fighting vehicles to achieve a specific defensive or offensive outcome. But, unlike in armed conflict, we have more choice in our approach so we’re not confined to “going into battle with the army we have”.


I can imagine developing this further to include an operational overlay with the hypothesis that if there is a fit between a use case and the technologies that balances the doctrine and structure for that use case then operational effort should be optimal.


Bottom line: thinking about doctrine vs. structure appears to be a useful mental model to validate a technology’s adequacy for a particular task. In short, to know whether we are jamming a square peg into a round hole.

1,410 views0 comments

Recent Posts

See All

A Letter from the Future

A few weeks ago The White House published our PCAST report on cyber-physical resilience. Thank you for all the positive reactions to this. There is already much work going on behind the scenes in publ

InfoSec Hard Problems

We still have plenty of open problems in information and cybersecurity (InfoSec). Many of these problems are what could easily be classed as “hard” problems by any measure. Despite progress, more rese

DevOps and Security

Each year, DevOps Research and Assessment (DORA) within Google Cloud publishes the excellent State of DevOps report. The 2023 report published in Q4 was as good as ever and in particular documented so

bottom of page