Some might say that Ronald Reagan stood at the cradle of Zero Trust by saying “Trust but verify” at the signing of the intermediate-Range Nuclear Forces Treaty with Russia in 1987, based on the Russian proverb “doveryay, no proveryay”. Others might say that Zero Trust has its roots in the Jericho Forum in 2006 using an approach aimed at securing data rather than systems and emphasizing that organizations should no longer rely solely on the network boundaries. This de-perimeterisation started to change our view on the value of trusted and untrusted networks. When John Kindervag in 2010 defined Zero Trust as a strategic initiative to eliminate trust from digital systems he did not mean to say that people using those systems cannot be trusted. But, trust is a human value that we have injected into digital systems, for absolutely no reason at all and this is the foundational problem in cybersecurity, as John often has stated.

In the last 12 months more and more international guidance has become available on defining and implementing a Zero Trust security model. For instance, the NSA (National Security Agency) guidance describes the design concepts and principles and provides recommendations that assist organizations and information security professionals during the implementation of a Zero Trust strategy.

These Zero Trust principles are often defined as 4 design principles (define business objectives, design from the inside out, determine least privileged access, inspect all traffic) combined with a 5 step implementation methodology. The principles are clearly defined and easy to understand.

On May 12 2021 the Biden administration has issued the ‘Executive Order on Improving the Nation’s Cybersecurity’ to improve the nation’s cybersecurity and protect federal government networks. This 30-page Executive Order mandates that executive branch federal agencies create “Zero Trust” environments and that within 60 days, the agencies must update plans to prioritize the adoption and use of cloud technology as well as develop a plan to implement Zero Trust architecture. This makes the Executive Order an important acknowledgement of the vision John created in back in 2010 on how to fix the broken and meanwhile obsolete trusted security model.

John Kindervag strongly believes that as agencies and other organizations begin to build a Zero Trust architecture, they should take incremental steps toward deploying the framework instead of trying to tackle everything in one large project. As soon as organizations start with their Zero Trust approach several questions will arise. What are the prerequisites before we can even define a Zero Trust strategy? Where to start? What are the pitfalls that we must avoid? Can we account for everything? What skills (technical and other) do security leaders, architects, engineers and administrators need in order to implement and maintain a Zero Trust model? How to adhere to the Zero Trust principles and what governance do we need? And last but not least, how can we align our cloud strategy with our Zero Trust strategy?

In this session John Kindervag, the creator of Zero Trust, will help us answering these questions and clarify how we can benefit from a Zero Trust approach to security.

Speaker: John Kindervag, Senior VP Cybersecurity Strategy and Group Fellow of ON2IT.

John is considered one of the world’s foremost cybersecurity experts. He is best known for creating the revolutionary Zero Trust Strategy for cybersecurity. Zero Trust is widely embraced by companies as diverse as Google, Barrett Steel and WestJet Airlines. Notably, the US House of Representatives, NIST, and the NSA are recommending that all government agencies adopt Zero Trust in the wake of the Solar Winds Data Breach. John Kindervag has been interviewed and published in numerous publications, including The Wall Street Journal, Forbes, and The New York Times. He has also appeared on television networks such as CNBC, Fox News, PBS, and Bloomberg discussing information security topics. John has spoken at many security conferences and events, including RSA, SXSW, ToorCon, ShmoCon, InfoSec Europe, and InfoSec World. John has a Bachelor of Arts degree in communications from the University of Iowa and lives in Dallas, TX. Previously, John Kindervag held the position of Field CTO at Palo Alto Networks. Before that, he spent eight and a half years at Forrester Research as a Vice President and Principal Analyst on the Security and Risk Team.

CPE|
1 CPE point