Do you think lobbyists contributed to the emphasis on Zero Trust architecture in Biden’s executive order?

Security & GRCIdentity & Access Management (IAM)
1.2k viewscircle icon1 Upvotecircle icon4 Comments
Sort by:
Member Board of Directors in Finance (non-banking)4 years ago

Zero trust is a pretty good approach in some environments. I know there's a lot of investment going into solutions to support the zero trust architecture, but I'm not sure I can judge whether that language was inserted by lobbyists.

Board Member, Advisor, Executive Coach in Software4 years ago

The executive order calls out zero trust a few times in the things they're doing now. While I agree with zero trust architecture, having been in the tech sector for a long time, it suggests to me that the tech players who have big public policy lobbying arms inserted that language to give themselves the ability to market to the federal government. I've just seen the public policy arm of various industries influence the language of policy for their own profit motivations. There could have been a different way to describe it that was benign of the labeling that benefits some people.

2 Replies
no title4 years ago

Is there an argument for not using zero trust architecture? Who would benefit if the government didn’t take this stance?

Lightbulb on1
no title4 years ago

I don&#39;t doubt lobbyists were involved to some extent, but I also know several individual advisors for the administration and associated think thanks who swing around buzzwords just as easily as tech companies in order to sound pithy and relevant when speaking to policymakers. Using industry shorthand in legislative measures may appease certain circles and make policy advisors feel like they&#39;re &#34;in the know,&#34; but its use in this EO does cause me to wonder whether the government officials using it truly understand it because if they did, why rely on the buzzword? Instead, we should clearly spell out what we mean. <br><br>I&#39;ve seen a lot of zero trust apostles praising the EO simply for its inclusion of a buzzword they like &amp; little evaluation of whether we&#39;ve effectively communicated the expectations to those will have to implement them....and whether what we&#39;ve actually communicated via vague buzzwords will lead organizations down a productive path.

Lightbulb on2

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

How often do you survey your organization for new, emerging risks? My company currently does quarterly surveys and I am contemplating dropping it down to 2x/year. Appreciate the insights!

Read More Comments

Which pitfalls—model bias, false positives/negatives, data quality, regulatory constraints—often impede AI-based security tools, and how can they be mitigated in a financial-services context?

Read More Comments

How is your company complying with CCPA's Do Not Sell My Personal Information requirement for your California users?

We configured our current consent manager to support Do Not Sell signals.19%

We built an internal tech solution to propagate Do Not Sell signals to relevant adtech platforms.43%

We use a different tool, in addition to our consent manager, to meet this requirement.16%

We are not doing anything, but know we need to find a solution.8%

We are not doing anything yet, and are purposely waiting until CPRA's Do Not Share requirement comes into effect in 2023.3%

We are not doing anything, and do not need to meet this requirement.10%

View Results

Blackhat EU is coming up -- are you going?

Yes51%

No42%

Undecided6%

View Results