Do you think Biden's executive order accurately represented Zero Trust architecture?

LeadershipArchitecture
1.4k viewscircle icon1 Upvotecircle icon5 Comments
Sort by:
CEO in Services (non-Government)4 years ago

They refer to a Zero Trust architecture but there's no acknowledgement that the packet is not a human being. The packet is what has Zero Trust—that's what needs to be looked at.

Lightbulb on1 circle icon2 Replies
no title4 years ago

We are on a mission to drive transparency, so what we're looking at right now is where the Zero Trust starts/stops, especially the handshake between systems. We just looked at a solution that gives full transparency of the data, and when we did a proof of concept it identified some operations that were configured incorrectly. When the systems start talking to each other, you configure it to operate against policy, but with millions of lines of code, you can't check everything.

Lightbulb on2
no title4 years ago

Very true it would be very difficult. In oversimplified terms, the Zero Trust might start with/at the producer of the data packet (human/machine or cyber-physical system) and end with/at  it's consumer's output (human/machine or cyber-physical system) If both systems are deemed ZeroTrust compliant, the handshake should technically be compliant as well, removing some of the overhead. Introspecting the packet between header and footer could then become the focus. Depending on the system applying  ML or even pattern recognition could also reduce the overhead while providing the transparency you seek.

President and National Managing Principal in Software4 years ago

The executive order has a pretty good definition of Zero Trust architecture that says it's “an acknowledgement that threats exist both inside and outside of traditional network boundaries. The Zero Trust security model eliminates implicit trust in any one element/node/service, and instead requires continuous verification from multiple sources to determine access and coordinate system wide.”  Here are formal definitions of Zero Trust from NIST (https://csrc.nist.gov/publications/detail/sp/800-207/final) and DoD (https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf).

Lightbulb on1 circle icon1 Reply
no title4 years ago

I honestly think we need to drop the "user" terminology and sub in "producers or consumers" of data.

Content you might like

Which best describes your knowledge of the number of IoT devices (both managed and unmanaged) in your system’s network?

I know the exact number19%

I don't know the exact number, but have a dashboard that can tell it to me.62%

We don't have a way to determine that number currently.18%

View Results

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented 

Read More Comments

What would be the strategy to raise awareness among small businesses about investing in Cybersecurity?

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

B2B SaaS companies — What is your current ratio of CSM to total paying customers?

< 1:1014%

1:10-2541%

1:25-5027%

1:51-10011%

1:101-2003%

1:201-10003%

>1:1000

View Results