SACON
SACON International 2020
India | Bangalore | February 21 - 22 | Taj Yeshwantpur
Zero Trust Architecture
Jim Hietala, VP Business Development & Security
The Open Group
j.hietala@opengroup.org
Agenda
• Zero Trust Origins
• Zero Trust Architecture
• What is ZTA???
• Status in the market
• Gaps & issues
• Zero Trust Architecture Standards Opportunities
• About The Open Group, Security Initiatives
• Summary
Zero Trust Origins…De-perimeterization Timeline
[Figure: timeline chart with axes Time and Connectivity; marked points: "Today (2008)" and "Effective breakdown of perimeter"]
Stages, as listed on the chart:
• Full de-perimeterised working
• Full Internet-based Collaboration
• Consumerisation [Cheap IP based devices]
• Limited Internet-based Collaboration
• External Working: VPN based
• External collaboration [Private connections]
• Internet Connectivity: Web, e-Mail, Telnet, FTP
• Connectivity for Internet e-Mail
• Connected LANs: interoperating protocols
• Local Area Networks: Islands by technology
• Stand-alone Computing [Mainframe, Mini, PC’s]
Drivers, as listed on the chart:
• Low cost and feature rich devices
• B2B & B2C integration, flexibility, M&A
• Cost, flexibility, faster working
• Outsourcing and off-shoring
De-Perimeterization Flipped Security Architecture On Its Head…
➢ Perimeter security control
effectiveness today is suspect
at best
➢ Need to move security
controls closer to the data
➢ Distinction between insiders &
outsiders, employees,
contractors, consultants,
suppliers has disappeared
➢ Cloud native, mobile, BYOD,
IoT, IIoT exacerbate this
Bolted-on or Built-in?
➢ Security has historically tended
to be bolted-on (reactive, after
the fact) more often than built-in
(proactive, designed in up front)
➢ Vulnerabilities can exist in the
gaps between disparate security
controls
➢ Bolted-on security architectures
can be brittle and subject to
entropy as threats change
Fallen Star, UCSD, Jacobs Engineering Building
Extending De-perimeterization Thinking > Zero Trust Architecture
• New zero-trust security models (e.g. BeyondCorp security
model described by Google)
• Assumes no trust, assumes no inside/outside of a defined
perimeter
• Focus is on identity and access control policy enforcement
for all computing devices, segmenting networks, and less
reliance on perimeter security systems
• Cloud and IoT deployment models make these new trust
models and security architectures even more critical
ZTA Origins
• 2005-2014: Jericho Forum: de-perimeterization, trust, data centric security
• 2010: Kindervag, Forrester coins Zero Trust
• 2014: Google releases BeyondCorp papers
• 2018: Gartner coins "Lean Trust"
Foundational Jericho Forum Guidance
Publication: Jericho Forum Commandments V1.2 (W124, 2007)
Key Points:
• “5. All devices must be capable of maintaining their security policy on an untrusted network”
• “6. All people, processes and technology must have declared and transparent levels of trust for any transaction to take place”
• “7. Mutual trust assurance levels must be determinable”
• “8. Access to data should be controlled by security attributes of the data itself”
• “Conclusion: De-perimeterization has happened, is happening, and is inevitable, central protection is decreasing in effectiveness”
Publication: Jericho Forum Identity Commandments (W125, 2011)
Key Points:
• Establishes core identity concepts, identity attributes, entitlement management and resource access rules
Foundational Jericho Forum Guidance
Publication: Trust Ecosystem (G141, 2014)
Key Points:
• Broad look at trust in online systems, proposes a trust taxonomy and components
Foundational Security Forum Guidance
Publication: The Need for Data Principles (W143, 2014)
Key Points:
• Data-Centric Security, including data lifecycle, data sensitivity
Publication: Open Enterprise Security Architecture (O-ESA, G112)
Key Points:
• Security architecture principles, including Design for Malice, and policy driven security architecture with policy management, policy decision points, and policy enforcement points.
Publication: Axioms for the Practice of Security Architecture (G192, 2019)
Key Points:
• Describes 20 axioms or principles critical to security architecture, including business risk-driven security, trust, resilience, security by design, least privilege, device sovereignty, context, managing access, and others.
Google BeyondCorp
Google BeyondCorp Components
• Device Inventory Service - A system that continuously collects, processes, and
publishes changes about the state of known devices.
• Trust Inferer - A system that continuously analyzes and annotates device state to
determine the maximum trust tier for accessing resources.
• Resources - The applications, services, and infrastructure that are subject to access
control by the system.
• Access Control Engine - A centralized policy enforcement service that provides
authorization decisions in real time.
• Access Policy - A programmatic representation of the resources, trust tiers, and
other predicates that must be satisfied for successful auth.
• Gateways - SSH servers, web proxies, and 802.1x-enabled wireless networks that
perform authorization actions.
Zero Trust Architecture Defined
• NIST: “Zero Trust Architecture (ZTA) provides a collection of
concepts, ideas, and component relationships (architectures)
designed to eliminate the uncertainty in enforcing accurate access
decisions in information systems and services.”
• Zero Trust Networks (O’Reilly, Gilman & Barth): “a collection of
design patterns and considerations which, when heeded, can
produce systems that are resilient to the vast majority of modern-
day attack vectors. In this model, nothing is taken for granted, and
every single access request is rigorously checked and proven to be
authorized.”
NIST SP800-207 (draft, September, 2019)
Zero Trust Networks (Gilman & Barth)
• Authorization decisions require:
• Enforcement
• Policy engine
• Trust engine: the system in a zero trust network that performs
risk analysis against a particular request or action. This is a new
concept/component in security architectures.
• Data stores: may be inventories, e.g. user database, or
historical, e.g. audit/accounting DB
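How the components on the BeyondCorp Components slide and the enforcement / policy engine / trust engine / data store split above fit together in one request path, as an added example that is not code from Google, from Gilman & Barth, or from this deck. The tier names, the 30-day patch threshold, the resource names and the request fields are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Tier(IntEnum):
    # Hypothetical trust tiers; the slides name the concept, not the levels.
    UNTRUSTED = 0
    BASIC = 1
    FULL = 2


@dataclass
class Device:
    device_id: str
    managed: bool
    disk_encrypted: bool
    days_since_patch: int


@dataclass(frozen=True)
class Rule:
    min_tier: Tier       # lowest device tier allowed to reach the resource
    groups: frozenset    # user groups allowed to reach the resource


class DeviceInventory:
    """Data store: holds the latest published state of known devices."""

    def __init__(self):
        self._devices = {}

    def publish(self, device):
        self._devices[device.device_id] = device

    def lookup(self, device_id):
        return self._devices.get(device_id)


def infer_tier(device):
    """Trust inferer / trust engine: maximum tier the device state supports."""
    if device is None or not device.managed:
        return Tier.UNTRUSTED
    # Assumed rule: full trust needs disk encryption and a patch within 30 days.
    if device.disk_encrypted and device.days_since_patch <= 30:
        return Tier.FULL
    return Tier.BASIC


class AccessControlEngine:
    """Policy engine: one decision per request from identity, device, policy."""

    def __init__(self, inventory, policy):
        self.inventory = inventory
        self.policy = policy

    def decide(self, user_groups, device_id, resource):
        rule = self.policy.get(resource)
        if rule is None:
            return False, "no policy for resource"  # default deny
        # The tier is re-derived on every request, never cached per session.
        tier = infer_tier(self.inventory.lookup(device_id))
        if tier < rule.min_tier:
            return False, f"device tier {tier.name} below {rule.min_tier.name}"
        if not rule.groups & set(user_groups):
            return False, "user not in an allowed group"
        return True, f"allowed at tier {tier.name}"


def gateway(engine, request):
    """Enforcement point. request['source_ip'] is deliberately never read."""
    allowed, reason = engine.decide(
        request["groups"], request["device_id"], request["resource"])
    return {"status": 200 if allowed else 403, "reason": reason}


def demo():
    """Constructed sample data: one laptop, two resources, five requests."""
    inventory = DeviceInventory()
    inventory.publish(Device("laptop-17", True, True, days_since_patch=4))
    policy = {
        "wiki": Rule(Tier.BASIC, frozenset({"staff"})),
        "payroll": Rule(Tier.FULL, frozenset({"finance"})),
    }
    engine = AccessControlEngine(inventory, policy)
    req = {"groups": ["staff", "finance"], "device_id": "laptop-17",
           "resource": "payroll", "source_ip": "10.0.0.5"}

    statuses = [gateway(engine, req)["status"]]             # healthy device
    # The inventory publishes a state change: the patch level has lapsed.
    inventory.publish(Device("laptop-17", True, True, days_since_patch=45))
    statuses.append(gateway(engine, req)["status"])         # same request, now denied
    statuses.append(gateway(engine, dict(req, resource="wiki"))["status"])
    statuses.append(gateway(
        engine, dict(req, device_id="unknown-phone", resource="wiki"))["status"])
    statuses.append(gateway(engine, dict(req, resource="hr-db"))["status"])
    return statuses


if __name__ == "__main__":
    print(demo())
```

The second request is identical to the first and comes from the same "internal" address; only the published device state changed, which is what separates this model from a perimeter check.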
Two Broad Solution Categories
• External to Internal (North – South, client-service/VPN
replacement/SDP focus)
• Internal to Internal (East – West, network
microsegmentation focus)
• Mapping individual vendors into these solution
categories is a challenge
Zero Trust Guiding Principles
• Verify explicitly.
• Always authenticate and authorize based on all available data points, including
user identity, location, device health, service or workload, data classification, and
anomalies.
• Use least privileged access.
• Limit user access with Just-In-Time and Just-Enough Access (JIT/JEA), risk-
based adaptive policies, and data protection to protect both data and productivity.
• Assume breach.
• Minimize blast radius for breaches and prevent lateral movement by segmenting
access by network, user, devices, and application awareness. Verify all sessions
are encrypted end to end. Use analytics to get visibility, drive threat detection, and
improve defenses.
Microsoft, Zero Trust Maturity Model
Tenets of Zero Trust Architecture
• All data sources and computing services are considered resources.
• All communication is secure regardless of network location.
• Access to individual enterprise resources is granted on a per-connection basis.
• Access to resources is determined by policy, including the observable state of
user identity and the requesting system, and may include other behavioral
attributes.
• The enterprise ensures all owned and associated systems are in the most
secure state possible and monitors systems to ensure that they remain in the
most secure state possible.
• User authentication is dynamic and strictly enforced before access is allowed.
Draft NIST Special Pub 800-207
How ZTA Improves Security
• General improvements offered by ZTA:
• Granular perimeters limit lateral movement within networks, limit
these threat vectors
• Assumption that networks are untrusted and that threats exist at
all times necessitates more robust controls
• ZTA improves employee experience by enabling mobile and
cloud use
• Use of data to drive security decision-making (risk, threats,
security posture and identity) enhances security
ZTA Vendor Marketing
• ZTA is at risk of being diluted as viable security
architecture by vendors claiming to provide zero trust
capabilities
• At a guess, there are now 50+ vendors from both of the
solution categories claiming to provide zero trust
• This isn’t helpful to end users, particularly when vendors
have a dubious claim re. actually delivering zero trust
capabilities…
Security Technical Debt & ZTA
• Requires significant upfront investment
• After reducing security technical debt owing to upfront
investment, ZTA should help keep security technical
debt lower going forward
Practical Challenges
• There isn’t a standard definition of what ZTA is
• Without an accepted standard definition, vendors are using and abusing the
term in the market
• Many organizations have bought in to network-based security
controls at the expense of planned security architecture…ZTA
requires mindset and approach change.
• Zero Trust Policy is not standardized (no standard exists for how to
express policies, hence all are custom)
• General lack of standards for ZTA solution components (making
them interoperable, and making policies portable/reusable)
• Fully realized, ZTA will require significant upfront investment
Adoption
Cybersecurity Insiders 2020 Zero Trust Progress Report surve
reprinted with permission
ZTA Potential Benefits
• Make security architectures less “brittle”
• Reduce entropy of a security architecture
• Minimize security technical debt over time
• Minimize lateral movement within networks by attackers
• Better model to address the changes in threats seen
over the past 10 years, as well as those in the future
ZTA Outside of Enterprise IT
• Zero trust is useful (essential) outside of enterprise IT
(connected vehicles, IIoT and OT environments)
• New standards initiative, Open Group OSDU platform
for oil and gas, is embracing zero trust (perimeters
aren’t effective, identities are everything to security)
ZTA Standards Opportunities
• Create standard frameworks and models and ZTA guidance to bring
clarity to what is/isn’t Zero Trust Architecture, and how to architect
for ZTA
• Enable a rich set of attributes that may be used in trust decisions
• Coalesce early standards interest and efforts to facilitate an
ecosystem of open and compatible zero trust components
• Zero trust algorithm
• Open source components (PEP, PIP, PDP, PAP) and reference implementations
ZTA Standards Landscape
• NIST Zero Trust Architecture, provides high level architectural
overview (SP800-207 draft)
• Cloud Security Alliance (Software Defined Perimeter framework)
• IETF (XMPP-Grid threat exchange)
• Open Source projects including Open Policy Agent, SPIFFE (open
source identity framework), SPIRE (open source toolchain
supporting SPIFFE in a variety of environments)
ZTA Standards Gaps
• Lack of a common accepted framework or standard model
• Lack of consistent terms for ZTA design, planning
• Systemic gaps in ZTA
• Lack of procurement guidance
• Lack of open, standardized interfaces between ZTA components
(proprietary APIs will inhibit adoption)
Security Forum ZTA Project
• Builds on foundational work done by the Jericho Forum 2005-2014
on de-perimeterization and data-centric security
• Includes some of the key contributors to the Jericho Forum
• Joint project between the Security Forum, Architecture Forum,
and the SABSA Institute
• Involvement from IBM, Microsoft, Boeing, NASA, DXC, Raytheon,
Woodside Energy, Accenture, and other large IT Customer and
Supplier organizations
ZTA Project Planned Deliverables:
• Survey of CISOs on ZTA plans, challenges
• Landscape white paper
• Guiding Principles of Zero Trust whitepaper
• Reference Architecture and Model whitepaper
• Trust algorithm
Where We Can Use Help
» Providing responses to our ZTA surveys (CISO’s, end
users, vendors)
» Contributing content for the ZTA Landscape White Paper
» Contributing to the Trust Algorithm project
How to Get Involved
» For end user organizations, vendors, and governments:
– Become members and gain access to all Security Forum projects,
including Security Architecture, Zero Trust Architectures, and Risk
Management/Open FAIR
– For membership information, contact Chris Parnell at
c.parnell@opengroup.org
» For highly qualified/experienced individuals with significant
contributions to make:
– Individual contributor role and IP agreement to enable contributions
Why Get Involved
• Learn from ZTA and security thought-
leaders
• Acquire knowledge and approaches that
you can bring back to your organization and
use in your day job
• Tackle common problems in a shared
contribution, collaborative environment
• Gain recognition as an author, reviewer,
translator or editor of industry best-practices
About The Open Group
Programs
Strategy
Platform
Mission
Vision
Our Vision:
Boundaryless Information Flow™
achieved through global
interoperability in a secure, reliable
and timely manner
» A global consortium that enables the
achievement of business objectives
through the development of open,
vendor-neutral technology standards
and certifications
» With more than 740 member
organizations. We have a diverse
membership that spans all sectors of
the IT community - customers,
systems and solutions suppliers, tool
vendors, integrators and consultants,
as well as academics and researchers
The Open Group
Everything we do is intended to …
» Enable all organizations that use information technology to do things better, faster, and cheaper
» Enable all suppliers of information technology products and services to gain business benefit
» Enable every individual that we meet to develop their skills and capabilities
The Open Group is ...
Australia
Belgium
Brazil
Canada
China
Colombia
Czech Republic
Denmark
Finland
France
Germany
Hong Kong
India
Ireland
Israel
Italy
Japan
Korea
Luxembourg
Malaysia
740+ Member Organizations in 40 Countries
Staff and local partners in 12 Countries
Mexico
Netherlands
New Zealand
Nigeria
Norway
Philippines
Poland
Portugal
Qatar
Saudi Arabia
Singapore
South Africa
Spain
Sweden
Switzerland
Taiwan
Turkey
UK
United Arab Emirates
USA
Vietnam
The Open Group Programs
Enterprise Architecture Security
Risk Analysis
Security
Architecture
Managing Supply
Chain Risk
Airborne Communications
Standards & Certification
Managing the
Business of IT
Managing the
Emerging Platform
Certification
Products
&
Processes
Professional Certification
‘T’ Shaped People
Open Trusted Technology
Forum


Supply chain security
UNIX
Platform base
Standard evolution
Product certification
Open Platform 3.0®
Agile EA
Making Standards Work®
Customer/
Vendor needs
Forum or Work
Group
Standards
process
Certification
process
Market
adoption
Collaborate with other
consortia & standards
bodies
Security at The Open Group
• Forums:
• Certifications:
Guide: Integrating Security & Risk in a TOGAF Enterprise Architectu
Created in collaboration with
the SABSA Institute
Guide is available in our
bookstore now. (https://publications.opengroup.org/g152)
Brings needed updates to
security and risk thinking in
TOGAF & EA.
Summary
• Zero Trust Architecture brings
significant benefits to enterprises
• Standards work is still needed, and
opportunities exist to get engaged
in The Open Group Security Forum’s
ZTA work

(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
Priyanka Aash
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
Priyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
Priyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
Priyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
Priyanka Aash
 

More from Priyanka Aash (20)

Keynote : Presentation on SASE Technology
Keynote : Presentation on SASE TechnologyKeynote : Presentation on SASE Technology
Keynote : Presentation on SASE Technology
 
Keynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive SecurityKeynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive Security
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
 
Demystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity ApplicationsDemystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity Applications
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
 
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
 
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
 
(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 

Recently uploaded

IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
kumarjarun2010
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
LINUS PROJECTS (INDIA)
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
Adam Dunkels
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Muhammad Ali
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
ssuser1915fe1
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
Axel Rennoch
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
maigasapphire
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
aakash malhotra
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
Kief Morris
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
SynapseIndia
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
HackersList
 
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
digitalxplive
 

Recently uploaded (20)

IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
 

(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality

  • 1. SACON SACON International 2020 India | Bangalore | February 21 - 22 | Taj Yeshwantpur Zero Trust Architecture 1 Jim Hietala, VP Business Development & Security The Open Group j.hietala@opengroup.org
  • 2. SACON Agenda • Zero Trust Origins • Zero Trust Architecture • What is ZTA??? • Status in the market • Gaps & issues • Zero Trust Architecture Standards Opportunities • About The Open Group, Security Initiatives • Summary 2
  • 3. SACON Zero Trust Origins…De-perimeterization Timeline [Figure: connectivity plotted against time. Stages shown: Full de-perimeterised working; Full Internet-based Collaboration; Consumerisation [Cheap IP based devices]; Limited Internet-based Collaboration; External Working (VPN based); External collaboration [Private connections]; Internet Connectivity (Web, e-Mail, Telnet, FTP); Connectivity for Internet e-Mail; Connected LANs (interoperating protocols); Local Area Networks (islands by technology); Stand-alone Computing [Mainframe, Mini, PC’s]. Drivers: low cost and feature rich devices; B2B & B2C integration, flexibility, M&A; cost, flexibility, faster working; outsourcing and off-shoring. Markers: Today (2008); Effective breakdown of perimeter.]
  • 4. SACON De-Perimeterization Flipped Security Architecture On Its Head… ➢ Perimeter security control effectiveness today is suspect at best ➢ Need to move security controls closer to the data ➢ Distinction between insiders & outsiders, employees, contractors, consultants, suppliers has disappeared ➢ Cloud native, mobile, BYOD, IoT, IIoT exacerbate this
  • 5. SACON Bolted-on or Built-in? ➢ Security has historically tended to be bolted-on (reactive, after the fact) more often than built-in (proactive, designed in up front) ➢ Vulnerabilities can exist in the gaps between disparate security controls ➢ Bolted-on security architectures can be brittle and subject to entropy as threats change 5 Fallen Star, UCSD, Jacobs Engineering Building
  • 6. SACON Extending De-perimeterization Thinking > Zero Trust Architecture • New zero-trust security models (e.g. BeyondCorp security model described by Google) • Assumes no trust, assumes no inside/outside of a defined perimeter • Focus is on identity and access control policy enforcement for all computing devices, segmenting networks, and less reliance on perimeter security systems • Cloud and IoT deployment models make these new trust models and security architectures even more critical 6
  • 7. SACON ZTA Origins 7 Jericho Forum (de-perimeterization, trust, data-centric security), 2005-2014; Kindervag, Forrester coins Zero Trust, 2010; Google releases BeyondCorp papers, 2014; Gartner coins "Lean Trust", 2018
  • 8. SACON Foundational Jericho Forum Guidance (Publication: Key Points) Jericho Forum Commandments V1.2 (W124, 2007): “5. All devices must be capable of maintaining their security policy on an untrusted network” “6. All people, processes and technology must have declared and transparent levels of trust for any transaction to take place” “7. Mutual trust assurance levels must be determinable” “8. Access to data should be controlled by security attributes of the data itself” “Conclusion: De-perimeterization has happened, is happening, and is inevitable, central protection is decreasing in effectiveness” Jericho Forum Identity Commandments (W125, 2011): Establishes core identity concepts, identity attributes, entitlement management and resource access rules 8
  • 9. SACON Foundational Jericho Forum Guidance (Publication: Key Points) Trust Ecosystem (G141, 2014): Broad look at trust in online systems, proposes a trust taxonomy and components 9
  • 10. SACON Foundational Security Forum Guidance (Publication: Key Points) The Need for Data Principles (W143, 2014): Data-Centric Security, including data lifecycle, data sensitivity. Open Enterprise Security Architecture (O-ESA, G112): Security architecture principles, including Design for Malice, and policy driven security architecture with policy management, policy decision points, and policy enforcement points. Axioms for the Practice of Security Architecture (G192, 2019): Describes 20 axioms or principles critical to security architecture, including business risk-driven security, trust, resilience, security by design, least privilege, device sovereignty, context, managing access, and others. 10
  • 12. SACON Google BeyondCorp Components • Device Inventory Service - A system that continuously collects, processes, and publishes changes about the state of known devices. • Trust Inferer - A system that continuously analyzes and annotates device state to determine the maximum trust tier for accessing resources. • Resources - The applications, services, and infrastructure that are subject to access control by the system. • Access Control Engine - A centralized policy enforcement service that provides authorization decisions in real time. • Access Policy - A programmatic representation of the resources, trust tiers, and other predicates that must be satisfied for successful auth. • Gateways - SSH servers, web proxies, and 802.1x-enabled wireless networks that perform authorization actions. 12
  • 13. SACON Zero Trust Architecture Defined • NIST: “Zero Trust Architecture (ZTA) provides a collection of concepts, ideas, and component relationships (architectures) designed to eliminate the uncertainty in enforcing accurate access decisions in information systems and services.” • Zero Trust Networks (O’Reilly, Gilman & Barth): “a collection of design patterns and considerations which, when heeded, can produce systems that are resilient to the vast majority of modern-day attack vectors. In this model, nothing is taken for granted, and every single access request is rigorously checked and proven to be authorized.” 13 NIST SP800-207 (draft, September, 2019)
  • 14. SACON Zero Trust Networks (Gilman & Barth) • Authorization decisions require: • Enforcement • Policy engine • Trust engine - the system in a zero trust network that performs risk analysis against a particular request or action. This is a new concept/component in security architectures. • Data stores - may be inventories, e.g. user database, or historical, e.g. audit/accounting DB 14
  • 15. SACON Two Broad Solution Categories • External to Internal (North – South, client-service/VPN replacement/SDP focus) • Internal to Internal (East – West, network microsegmentation focus) • Mapping individual vendors into these solution categories is a challenge 15
  • 16. SACON Zero Trust Guiding Principles • Verify explicitly. • Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies. • Use least privileged access. • Limit user access with Just-In-Time and Just-Enough Access (JIT/JEA), risk-based adaptive policies, and data protection to protect both data and productivity. • Assume breach. • Minimize blast radius for breaches and prevent lateral movement by segmenting access by network, user, devices, and application awareness. Verify all sessions are encrypted end to end. Use analytics to get visibility, drive threat detection, and improve defenses. 16 Microsoft, Zero Trust Maturity Model
  • 17. SACON Tenets of Zero Trust Architecture • All data sources and computing services are considered resources. • All communication is secure regardless of network location. • Access to individual enterprise resources is granted on a per-connection basis. • Access to resources is determined by policy, including the observable state of user identity and the requesting system, and may include other behavioral attributes. • The enterprise ensures all owned and associated systems are in the most secure state possible and monitors systems to ensure that they remain in the most secure state possible. • User authentication is dynamic and strictly enforced before access is allowed. 17 Draft NIST Special Pub 800-27
  • 18. SACON How ZTA Improves Security • General improvements offered by ZTA: • Granular perimeters limit lateral movement within networks, limit these threat vectors • Assumption that networks are untrusted and that threats exist at all times necessitates more robust controls • ZTA improves employee experience by enabling mobile and cloud use • Use of data to drive security decision-making (risk, threats, security posture and identity) enhances security 18
  • 19. SACON ZTA Vendor Marketing • ZTA is at risk of being diluted as viable security architecture by vendors claiming to provide zero trust capabilities • At a guess, there are now 50+ vendors from both of the solution categories claiming to provide zero trust • This isn’t helpful to end users, particularly when vendors have a dubious claim re. actually delivering zero trust capabilities… 19
  • 20. SACON Security Technical Debt & ZTA • Requires significant upfront investment • After reducing security technical debt owing to upfront investment, ZTA should help keep security technical debt lower going forward 20
  • 21. SACON Practical Challenges • There isn’t a standard definition of what ZTA is • Without an accepted standard definition, vendors are using and abusing the term in the market • Many organizations have bought in to network-based security controls at the expense of planned security architecture…ZTA requires mindset and approach change. • Zero Trust Policy is not standardized (no standard exists for how to express policies, hence all are custom) • General lack of standards for ZTA solution components (making them interoperable, and making policies portable/reusable) • Fully realized, ZTA will require significant upfront investment 21
  • 22. SACON Adoption 22 [Figure: Cybersecurity Insiders 2020 Zero Trust Progress Report survey, reprinted with permission]
  • 23. SACON ZTA Potential Benefits • Make security architectures less “brittle” • Reduce entropy of a security architecture • Minimize security technical debt over time • Minimize lateral movement within networks by attackers • Better model to address the changes in threats seen over the past 10 years, as well as those in the future 23
  • 24. SACON ZTA Outside of Enterprise IT • Zero trust is useful (essential) outside of enterprise IT (connected vehicles, IIoT and OT environments) • New standards initiative, Open Group OSDU platform for oil and gas, is embracing zero trust (perimeters aren’t effective, identities are everything to security) 24
  • 25. SACON ZTA Standards Opportunities 25 • Create standard frameworks and models and ZTA guidance to bring clarity to what is/isn’t Zero Trust Architecture, and how to architect for ZTA • Enable a rich set of attributes that may be used in trust decisions • Coalesce early standards interest and efforts to facilitate an ecosystem of open and compatible zero trust components • Zero trust algorithm • Open source components (PEP, PIP, PDP, PAP) and reference implementations
  • 26. SACON ZTA Standards Landscape 26 • NIST Zero Trust Architecture, provides high level architectural overview (SP800-207 draft) • Cloud Security Alliance (Software Defined Perimeter framework) • IETF (XMPP-Grid threat exchange) • Open Source projects including Open Policy Agent, SPIFFE (open source identity framework), SPIRE (open source toolchain supporting SPIFFE in a variety of environments)
  • 27. SACON ZTA Standards Gaps 27 • Lack of a common accepted framework or standard model • Lack of consistent terms for ZTA design, planning • Systemic gaps in ZTA • Lack of procurement guidance • Lack of open, standardized interfaces between ZTA components (proprietary APIs will inhibit adoption)
  • 28. SACON Security Forum ZTA Project 28 • Builds on foundational work done by the Jericho Forum 2005-2014 on de-perimeterization and data-centric security • Includes some of the key contributors to the Jericho Forum • Joint project between the Security Forum, Architecture Forum, and the SABSA Institute • Involvement from IBM, Microsoft, Boeing, NASA, DXC, Raytheon, Woodside Energy, Accenture, and other large IT Customer and Supplier organizations
  • 29. SACON ZTA Project Planned Deliverables: 29 • Survey of CISOs on ZTA plans, challenges • Landscape white paper • Guiding Principles of Zero Trust whitepaper • Reference Architecture and Model whitepaper • Trust algorithm
  • 30. SACON Where We Can Use Help 30 » Providing responses to our ZTA surveys (CISO’s, end users, vendors) » Contributing content for the ZTA Landscape White Paper » Contributing to the Trust Algorithm project
  • 31. SACON How to Get Involved 31 » For end user organizations, vendors, and governments: – Become members and gain access to all Security Forum projects, including Security Architecture, Zero Trust Architectures, and Risk Management/Open FAIR – For membership information, contact Chris Parnell at c.parnell@opengroup.org » For highly qualified/experienced individuals with significant contributions to make: – Individual contributor role and IP agreement to enable contributions
  • 32. SACON Why Get Involved 32 • Learn from ZTA and security thought-leaders • Acquire knowledge and approaches that you can bring back to your organization and use in your day job • Tackle common problems in a shared contribution, collaborative environment • Gain recognition as an author, reviewer, translator or editor of industry best-practices
  • 33. SACON About The Open Group Programs Strategy Platform Mission Vision Our Vision: Boundaryless Information Flow™ achieved through global interoperability in a secure, reliable and timely manner » A global consortium that enables the achievement of business objectives through the development of open, vendor-neutral technology standards and certifications » With more than 740 member organizations, we have a diverse membership that spans all sectors of the IT community - customers, systems and solutions suppliers, tool vendors, integrators and consultants, as well as academics and researchers
  • 34. SACON The Open Group 34 Everything we do is intended to … » Enable all organizations that use information technology to do things better, faster, and cheaper » Enable all suppliers of information technology products and services to gain business benefit » Enable every individual that we meet to develop their skills and capabilities
  • 35. SACON The Open Group is ... 35 740+ Member Organizations in 40 Countries • Staff and local partners in 12 Countries • Australia, Belgium, Brazil, Canada, China, Colombia, Czech Republic, Denmark, Finland, France, Germany, Hong Kong, India, Ireland, Israel, Italy, Japan, Korea, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Nigeria, Norway, Philippines, Poland, Portugal, Qatar, Saudi Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Taiwan, Turkey, UK, United Arab Emirates, USA, Vietnam
  • 36. SACON The Open Group Programs Enterprise Architecture Security Risk Analysis Security Architecture Managing Supply Chain Risk Airborne Communications Standards & Certification Managing the Business of IT Managing the Emerging Platform Certification Products & Processes Professional Certification ‘T’ Shaped People Open Trusted Technology Forum Supply chain security UNIX Platform base Standard evolution Product certification Open Platform 3.0® Agile EA
  • 37. SACON Making Standards Work® 37 Customer/Vendor needs Forum or Work Group Standards process Certification process Market adoption Collaborate with other consortia & standards bodies
  • 38. SACON Security at The Open Group • Forums: • Certifications: 38
  • 39. SACON Guide: Integrating Security & Risk in a TOGAF Enterprise Architectu 39 Created in collaboration with the SABSA Institute Guide is available in our bookstore now. (https://publications.opengroup.org/g152) Brings needed updates to security and risk thinking in TOGAF & EA.
  • 40. SACON Summary 40 • Zero Trust Architecture brings significant benefits to enterprises • Standards work is still needed, and opportunities exist to get engaged in The Open Group Security Forum’s ZTA work