+ Least-privilege access and isolation. Worst case, 5-tuple, session-by-session. Best case, app-level bindings, independent of addressing. Isolation to prevent lateral attacks.
+ Zero trust. Yes, the ZT term seems to have been taken over by marketing, but the architecture itself is sound.
+ Telemetry data for proper visibility.
+ Programmable-by-Design. Integrate into overall app and security constructs and tooling; no (mainly) separate VPN islands.