Zero Trust provides a modern approach to IT security, made necessary by changes in how the world operates and new, ever-evolving threats. Today, Zero Trust is recognized as an imperative by many organizations including but not limited to the US White House, NIST, and Department of Defense as well as many commercial organizations. With growing international adoption and the rapid migration of organizations to a Digital Enterprise, it is important that enterprises understand Zero Trust and provide a structure for it — an area where open standards excel.
Zero Trust is an information security approach in response to emerging security concerns on securing the organizational assets across any network. As such, it goes beyond the current notion of perimeter security alone being sufficient, to a future where assets of all sorts – data, applications, systems, APIs, secured zones, etc. – must be individually secured to provide sufficient protection.
Adopting a Zero Trust Architecture (ZTA) is meant to enable modern organizational practices, in supporting secure collaboration between organizations and enabling remote workers, while protecting enterprise data and information assets, including control systems and APIs, by moving authorization control close to the protected asset. To achieve a Zero Trust vision, we need to use existing cybersecurity capabilities as well as creating new capabilities.
This presentation will provide an overview of the initial Zero Trust Reference Model Snapshot being developed by The Open Group, a global consortium of more than 800 member organizations across the private and public sectors that enables the achievement of business objectives through technology standards. We will highlight our already-published Zero Trust Core Principles White Paper and the Zero Trust Commandments, which emphasize the importance of securing assets, in particular data, and we will discuss managing multi-level security from a government perspective. We will also briefly address how our effort ties in with work on Zero Trust Architecture being completed by NIST.