{"id":118263,"date":"2020-11-23T12:00:55","date_gmt":"2020-11-23T09:00:55","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/can-you-trust-zero-trust-cloudsavvy-it\/"},"modified":"2020-11-23T12:00:55","modified_gmt":"2020-11-23T09:00:55","slug":"can-you-trust-zero-trust-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/can-you-trust-zero-trust-cloudsavvy-it\/","title":{"rendered":"#Can You Trust Zero Trust? \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a240922e7c9c\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a240922e7c9c\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/can-you-trust-zero-trust-cloudsavvy-it\/#Castles_and_Moats\" >Castles and Moats<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/can-you-trust-zero-trust-cloudsavvy-it\/#Zero_Trust\" >Zero Trust<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/can-you-trust-zero-trust-cloudsavvy-it\/#Implementing_Zero_Trust\" >Implementing Zero Trust<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/can-you-trust-zero-trust-cloudsavvy-it\/#Understand_Your_Network_Assets_and_Data_Flows\" >Understand Your Network, Assets, and Data Flows<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/can-you-trust-zero-trust-cloudsavvy-it\/#Build_From_Identity_Outwards\" >Build From Identity Outwards<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/can-you-trust-zero-trust-cloudsavvy-it\/#Leverage_Health_Information\" >Leverage Health Information<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/can-you-trust-zero-trust-cloudsavvy-it\/#Trust_is_a_Vulnerability\" >Trust is a Vulnerability<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/buradabiliyorum.com\/en\/can-you-trust-zero-trust-cloudsavvy-it\/#Protect_Devices_Users_and_Services\" >Protect Devices, Users, and Services<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/buradabiliyorum.com\/en\/can-you-trust-zero-trust-cloudsavvy-it\/#Use_Commercial_Offerings_and_standards\" >Use Commercial Offerings and standards<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#Can You Trust Zero Trust? \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure id=\"attachment_8141\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-8141 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/0bd80ed1a0e4b747366e8dd885743f62\/p\/uploads\/2020\/11\/5e369934-1.png\" alt=\"\" width=\"700\" height=\"300\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/famous-beaumaris-castle-anglesey-north-wales-220472434\" data-credittext=\"Shutterstock\/Samot\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/famous-beaumaris-castle-anglesey-north-wales-220472434\">Shutterstock\/Samot<\/a><\/span><\/figcaption><\/figure>\n<p>Trust is a vulnerability. Protecting the network perimeter and trusting authenticated users is being replaced by a new paradigm where you trust nothing and verify everything. Welcome to Zero Trust.<\/p>\n<h2 id=\"castles-and-moats\"><span class=\"ez-toc-section\" id=\"Castles_and_Moats\"><\/span>Castles and Moats<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The traditional cyber security model has been likened to a castle and moat. You bring all of your valuable assets inside the fortified walls, and you regulate access with a\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Portcullis\">portcullis<\/a>, a\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Drawbridge\">drawbridge<\/a>, and a\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Moat\">moat<\/a>.<\/p>\n<p>If someone wants to enter the castle they have to have a conversation with the guards in the gatehouse. If the individual is recognized as someone who should be allowed inside, the drawbridge is lowered, the portcullis is raised, and they are permitted to enter. If they are unrecognized but possess a token vouching for them such as a scroll bearing the signature and official seal of a trusted nobleman they will be allowed in. An unknown with no means to identify themselves is left outside.<\/p>\n<p>With a network, you have your precious network assets inside your firewalls and other digital fortifications. Connections to the network are only permitted after a conversation between the device that wants to connect and the authentication services of the network. An ID and password pair have to <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/trip-and-travel\/\" data-internallinksmanager029f6b8e52c=\"10\" title=\"Trip &amp; Travel\" target=\"_blank\" rel=\"noopener\">travel<\/a> between them. If the credentials are accepted, access is granted and they are allowed within the perimeter. Obviously, today your perimeter has extended to include your cloud assets.<\/p>\n<p>The person you\u2019ve just admitted may have\u00a0<em>bona fide<\/em>\u00a0credentials, but they might still have malicious intent. And they now have the run of the castle. Or the network.<\/p>\n<p>With Zero Trust you don\u2019t authenticate once then trust for the duration of the connection. The honed-down Zero Trust maxim is \u201cnever trust, always verify.\u201d And you keep verifying even when the visitor\u2014regardless of how frequently they visit\u2014has been allowed inside your perimeter.<\/p>\n<h2 id=\"zero-trust\"><span class=\"ez-toc-section\" id=\"Zero_Trust\"><\/span>Zero Trust<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Zero Trust is <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a>ly considered to have been birthed in 2010 when\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/go.forrester.com\/speakers\/john-kindervag\/\">John Kindervag<\/a>\u00a0gave a talk at a conference and subsequently released a\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/media.paloaltonetworks.com\/documents\/Forrester-No-More-Chewy-Centers.pdf\">series of papers<\/a>.<\/p>\n<p>The core concept of Zero Trust is that organizations should never automatically trust anything inside or outside the network. That is, don\u2019t automatically trust someone trying to get inside, and don\u2019t trust anyone just because they are inside. Zero Trust is built on <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a>, topology, and governance. Many of the technologies have been around for a long time.<\/p>\n<p>The first consideration is user identification and authentication. It goes deeper than an ID and a strong password.\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Multi-factor_authentication\">Multi-factor authentication<\/a>\u00a0(MFA) is the norm. Passwordless authentication using standards such as\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/fidoalliance.org\/fido2\/\">FIDO2<\/a>\u00a0can also be used. And the identification also includes the\u00a0<em>device<\/em>\u00a0the user is accessing the network from. Is it their usual corporate device, from within the network? Is it a corporate laptop from outside the perimeter? Or is it a personal device? Is the IP address it is connecting from one that has been seen before?<\/p>\n<p>IT Governance comes into play here. You define what behavior you\u2019re going to allow. Can someone use a personal device from outside the network, or only inside the network, or neither? Or perhaps staff can use them inside the network but they are limited to read-only access.<\/p>\n<p>Together, the user and the device are awarded a value, something like a security score. It dictates what this user session is capable of, according to the role and privileges of the user and the company\u2019s knowledge, experience, and confidence in the device. If the device is a well-known computing device listed in the IT asset register and the operating system is patched up to date and the end-point protection has the latest signatures, it\u2019ll be treated very differently than an unrecognized personal tablet connecting from a hitherto unseen IP address.<\/p>\n<p>The second consideration is the network design. A flat network topology is like an open-plan office. Anyone can stray anywhere. A flat network is too easy to laterally traverse and explore. Network segmentation\u2014even to the point of micro-segmentation\u2014using next-generation switches and firewalls will provide granular access controls to restrict access to sensitive or valuable data or assets. Only those users with legitimate access rights\u2014and a verified device\u2014will be able to access the various network segments.<\/p>\n<p>The third consideration is <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>lication-level control. Who can access the different software and services you have on your network? Based on the network segment the application is hosted in, and the user and device score, you can grant or remove permission for users to run or use particular software packages.<\/p>\n<p>With Zero Trust you provide controls and protections as close to the asset you\u2019re protecting as possible. You design your network and its segmentation and protection requirements from the inside-out, not the outside-in.<\/p>\n<p>Commercial software is available to make it easier to achieve this level of granular control and user and device authentication. These provide invaluable reporting, monitoring, and alerting that can be customized to react to different events and triggers such as device hardware type, firmware level, operating system versions, patch levels, and security incident detections.<\/p>\n<h2 id=\"implementing-zero-trust\"><span class=\"ez-toc-section\" id=\"Implementing_Zero_Trust\"><\/span>Implementing Zero Trust<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-7840\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/3871d79650f15a39c2e5306bc50fbcd4\/p\/uploads\/2020\/11\/caf934f4.png\" alt=\"\" width=\"700\" height=\"300\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Implementing a Zero Trust Architecture (ZTA) on an existing corporate network is best achieved by phasing it in as part of your overall digital transformation strategy. Trying to retro-fit an entire ZTA onto an existing corporate network big-bang style isn\u2019t going to end well.<\/p>\n<p>An ideal opportunity is when you are planning a cloud migration. You can view the cloud as a greenfield site and implement the layers of the ZTA before you move your line of business operations to the cloud.<\/p>\n<h3 id=\"understand-your-network-assets-and-data-flows\"><span class=\"ez-toc-section\" id=\"Understand_Your_Network_Assets_and_Data_Flows\"><\/span>Understand Your Network, Assets, and Data Flows<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Map your network thoroughly. That includes the current topology and all of the network-connected devices. This is going to require an asset discovery phase. There are software tools that can help you with this, but it usually involves some floor-walking, clambering about in server rooms and cupboards, and crawling under desks. Don\u2019t forget assets that are in the homes of staff.<\/p>\n<p>You also need to understand the data, applications, and services that the users of the devices access.<\/p>\n<p>You\u2019re now in a position where you can perform a risk analysis. If the risks cannot be mitigated using a ZTA you may need to retain some of your existing security controls until you can reorganize your workflows or topology in a way that allows the ZTA to provide sufficient protection when later phases of your digital transformation are implemented.<\/p>\n<h3 id=\"build-from-identity-outwards\"><span class=\"ez-toc-section\" id=\"Build_From_Identity_Outwards\"><\/span>Build From Identity Outwards<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>There\u2019s a saying that with Zero Trust, identity is the new perimeter. So identity must be managed and securely controlled. The principles of least permission should be followed so that a user has the permissions they need to fulfill their role and nothing more. Users must never share account credentials.<\/p>\n<p>An <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Identity_management\">Identity and Access Management<\/a> (IAM) system that is compatible with internal and external services will provide a single, central, secure source of identity verification. An IAM system that can federate with external systems used by third-parties who might need to access your network periodically may be advantageous to you.<\/p>\n<p>Applications and devices\u2014including Internet of Things devices\u2014should be allocated their own identities with the minimum privileges required for them to operate. Applications and services can use certificate-based authentication to permit connections with other software platforms, for example.<\/p>\n<h3 id=\"use-health-information\"><span class=\"ez-toc-section\" id=\"Leverage_Health_Information\"><\/span>Leverage Health Information<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Device identity will be used with challenge and response conversations regarding the security state of the device\u2014including the patch state of applications and the operating system, the presence and state of end-point protection\u2014and the identity of the user to decide what the device is allowed to do. Deeper challenges can be posed to the device, checking on items such as the firmware version and the device\u2019s boot process.<\/p>\n<p>The user associated with the device can also be given a health score. Are they connecting from an unknown IP address that suggests a geographical anomaly? Are they trying to connect at three in the morning?<\/p>\n<p>Rules and policies that you create within your Zero Trust management platform will determine what the user can do.<\/p>\n<h3 id=\"trust-is-a-vulnerability\"><span class=\"ez-toc-section\" id=\"Trust_is_a_Vulnerability\"><\/span>Trust is a Vulnerability<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In Zero Trust networks, everything is considered hostile and all connections that access data or services should be authenticated. User access is controlled using multi-factor authentication or key-based password-less systems and an Identity and Access Management system.<\/p>\n<p>Extra authentication will be requested when the user wants to access sensitive or valuable data or other assets. But this doesn\u2019t mean the user experience has to be bad. In fact, with a physical key or fob-based system, it can actually improve.<\/p>\n<p>Services and applications can authenticate via API calls or using a\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Public_key_infrastructure\">public key infrastructure<\/a>.<\/p>\n<h3 id=\"protect-devices-users-and-services\"><span class=\"ez-toc-section\" id=\"Protect_Devices_Users_and_Services\"><\/span>Protect Devices, Users, and Services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Zero Trust means trusting nothing, not even your own network. Your devices need to be protected from threats that might exist within your own network. You\u2019ll still need to use end-point protection software to defend against viruses and other malware, and authenticated, encrypted protocols such as <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security\">Transport Layer Security<\/a> (TLS) should be used to access foundational network services such as the <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Domain_Name_System\">Domain Name Service<\/a> (DNS).<\/p>\n<p>Basic cyber hygiene such as monitoring the network for unauthorized devices or inexplicable behavior should continue, and security patch regimes should be maintained.<\/p>\n<p>Because you invested the effort to map your network and determine the devices, applications, and services that users will require access to, your Zero Trust monitoring can use that information to detect attempted violations of the rules that you have put in place.<\/p>\n<h3 id=\"use-commercial-offerings-and-standards\"><span class=\"ez-toc-section\" id=\"Use_Commercial_Offerings_and_standards\"><\/span>Use Commercial Offerings and standards<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Use software, services, platforms, and providers who already support Zero Trust. Trying to build your own supporting infrastructure should be avoided due to the cost, complexity, and potential for error.<\/p>\n<p>The standard cyber security mantra of using tools, products, and services designed and developed by specialist professionals holds true.<\/p>\n<p>Whenever possible, use standards-based solutions. You\u2019ll get easier interoperability between devices and services, and it simplifies federation between external systems you may wish to connect and interact with, such as those provided by your cloud provider.\n<\/p><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener noreferrer\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/8090\/can-you-trust-zero-trust\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Can You Trust Zero Trust? \u2013 CloudSavvy IT&#8221; Shutterstock\/Samot Trust is a vulnerability. Protecting the network perimeter and trusting authenticated users is being replaced by a new paradigm where you trust nothing and verify everything. Welcome to Zero Trust. Castles and Moats The traditional cyber security model has been likened to a castle and moat&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":118264,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2020\/11\/5e369934-1.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-118263","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/118263","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=118263"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/118263\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/118264"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=118263"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=118263"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=118263"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}