Some might say that Ronald Reagan stood at the cradle of Zero Trust by saying “Trust but verify” at the signing of the Intermediate-Range Nuclear Forces Treaty with Russia in 1987, based on the Russian proverb “doveryay, no proveryay”. Others might say that Zero Trust has its roots in the Jericho Forum in 2006, which used an approach aimed at securing data rather than systems and emphasized that organizations should no longer rely solely on network boundaries. This de-perimeterisation started to change our view on the value of trusted and untrusted networks. When John Kindervag defined Zero Trust in 2010 as a strategic initiative to eliminate trust from digital systems, he did not mean to say that people using those systems cannot be trusted. But trust is a human value that we have injected into digital systems for absolutely no reason at all, and this is the foundational problem in cybersecurity, as John has often stated.
This event will be held in English using MS Teams.
In the last 12 months more and more international guidance has become available on defining and implementing a Zero Trust security model. For instance, the NSA (National Security Agency) guidance describes the design concepts and principles and provides recommendations that assist organizations and information security professionals during the implementation of a Zero Trust strategy.
These Zero Trust principles are often defined as 4 design principles (define business objectives, design from the inside out, determine least privileged access, inspect all traffic) combined with a 5-step implementation methodology. The principles are clearly defined and easy to understand.
On May 12, 2021, the Biden administration issued the ‘Executive Order on Improving the Nation’s Cybersecurity’ to improve the nation’s cybersecurity and protect federal government networks. This 30-page Executive Order mandates that executive branch federal agencies create "Zero Trust" environments and that, within 60 days, the agencies must update plans to prioritize the adoption and use of cloud technology as well as develop a plan to implement Zero Trust architecture. This makes the Executive Order an important acknowledgement of the vision John created back in 2010 on how to fix the broken and meanwhile obsolete trusted security model.
John Kindervag strongly believes that as agencies and other organizations begin to build a Zero Trust architecture, they should take incremental steps toward deploying the framework instead of trying to tackle everything in one large project. As soon as organizations start with their Zero Trust approach several questions will arise. What are the prerequisites before we can even define a Zero Trust strategy? Where to start? What are the pitfalls that we must avoid? Can we account for everything? What skills (technical and other) do security leaders, architects, engineers and administrators need in order to implement and maintain a Zero Trust model? How to adhere to the Zero Trust principles and what governance do we need? And last but not least, how can we align our cloud strategy with our Zero Trust strategy?
In this webinar, John Kindervag, the creator of Zero Trust, will help us answer these questions and clarify how we can benefit from a Zero Trust approach to security.
Program
16:00 hrs | Opening |
16:10 hrs | "Zero Trust, as it is meant to be!" by John Kindervag, ON2IT |
17:00 hrs | Q&A and discussion |
17:30 hrs | End of event |
John Kindervag