Zero Trust

  • 1.  Recap: Business Value of Zero Trust working session (Nov 17)

    Posted 11 days ago
    Hi folks - a quick recap from our working session this morning, Thursday, Nov 17

    Thanks everyone for your participation & engagement
    • Intros and welcome to new members
    • Recap of the Google group for this workstream
    • Quick review of the in-progress Business Value of Zero Trust whitepaper proposal:
      • https://docs.google.com/document/d/1s9OTHZxmv6SURkrq2lAP3Bp32WsHElHw9x-kWQvbGfw/edit?usp=share_link
      • Requesting final input before submission to the ZT steering committee
    • Interactive discussion, editing, and brainstorming on the draft set of personas to represent the direct and indirect target audience for the ZT working group assets
      • https://docs.google.com/spreadsheets/d/1SoI24cBYyubfFHf27KvQnrMDfNIWyTaO/edit?usp=share_link&ouid=105169721242682585015&rtpof=true&sd=true

    Work plan:
    • Finalize mini charter - Erik has asked for a second review via the new Google Groups. Jason to kick off by Nov 9. Posted / Open for final review through Nov 23
    • Personas - plan for next few working sessions to publish first version, for use across workstreams. Ongoing
    • Whitepaper proposal - by Nov 9 - complete and circulate for feedback & approval. Ready for final review / planned to send to steering committee Nov 23
    Today's meeting Recording Link: 
    https://cloudsecurityalliance.zoom.us/rec/share/vkuzKi8nHbNkpEBDWkOmHSCtP31RwUCZpazsy5Ar0IAOpiTDUFcu6NfoD2f-52uW.4EX4HAF7TweSF8Zx
    Passcode: Nt!4G=&A

    Our next workstream session is Thursday December 1 at 8pm ET

    Topics:
    1. Intros to new members
    2. Ongoing review and discussion of the reader personas
    3. Status / feedback on the whitepaper proposal


    ------------------------------
    Jason Garbis, CISSP
    Co-Chair, Zero Trust Working Group
    CPO, Appgate
    Author: Zero Trust Security: An Enterprise Guide
    ------------------------------


  • 2.  RE: Recap: Business Value of Zero Trust working session (Nov 17)

    Posted 10 days ago
    Edited by Paul Simmonds 10 days ago

    One plea from me; the use of the word "persona" in the way you are using it is incredibly misleading and confusing.

    Zero Trust is (almost certainly) incredibly reliant on Identity, and in the Identity space, "personas" have a very specific meaning, as a facet of a person's overall identity (normally exposed in a particular setting) - for example I might be happy to share my "work persona" with you (join of Entity:Person & Entity:Organization) but not my sexual-persuasion persona (and certainly not in certain parts of the world) - so there are huge intersections with trust, privacy and anonymity.

    Personas also spill over into the crypto world when it comes to one-way cryptographic joins between entities, giving a persona a unique cryptographic signature / key. These can then be used to prove signed assertions à la the W3C Verifiable Claims Data Model and Decentralized Identifiers (DIDs) - all of which will be used in ZT solutions.

    Bottom-line; I understand why you are using the word, but can you choose a different word that makes the same point!



    ------------------------------
    Paul Simmonds
    CSA UK Chapter
    CEO, Global Identity Foundation
    ------------------------------



  • 3.  RE: Recap: Business Value of Zero Trust working session (Nov 17)

    Posted 4 days ago
    @Paul Simmonds, you have a habit of bringing up things that have been sticking in the back of my craw. We are having a similar issue with the word "policy".  The word "persona" has specific meanings in other disciplines like marketing and strategy as well. It seems to me, the problem we have is ZT is highly reliant on Identity so we cannot rely on context.

    Can you suggest some alternate terms? We have the same problem with "roles". Not sure if "stakeholders" does it.

    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    alex@sharpellc.com
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------



  • 4.  RE: Recap: Business Value of Zero Trust working session (Nov 17)

    Posted 4 days ago
    I'd suggest using "Business Role(s)" or "Functional Area"

    I've never heard of "personas" used in the context of business roles, and I've just floated it by a senior European HR Manager in Amazon, who says "occasionally" but not recently and not in common use.

    "Business Role" is also probably more descriptive to the first-time reader.

    Paul

    ------------------------------
    Paul Simmonds
    Board, CSA UK Chapter
    Director, CSA (Europe) CIC
    CEO, Global Identity Foundation
    ------------------------------



  • 5.  RE: Recap: Business Value of Zero Trust working session (Nov 17)

    Posted 4 days ago
    Another suggestion would be "stakeholder" as this could suggest that they should be considered as "having skin in the game" and that there are consequences, both upsides and downsides, with their engagement or lack thereof.

    Richarf





  • 6.  RE: Recap: Business Value of Zero Trust working session (Nov 17)

    Posted 3 days ago
    Thinking about it a little more, it seems the revenue-generating parts of an enterprise are more likely to use the term "persona". I hear it most when dealing with business units, marketing, and product managers. One of the media companies I dealt with recently adopted the term "avatars" to designate different types of content consumers. They continue to speak about different types of content creators as "personas."

    My initial thought is "Stakeholders" provides the most clarity and aligns with other work, which would foster adoption. When I get a moment, I will take a look at what others are doing.

    I suspect as we move through this, we are most likely going to look at the various players in terms of their motivation(s) and their role in getting a ZT project off the ground (e.g., approver, influencer, recommender).

    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    alex@sharpellc.com
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------



  • 7.  RE: Recap: Business Value of Zero Trust working session (Nov 17)

    Posted 4 days ago
    Edited by Alex Sharpe 4 days ago
    @Jason Garbis the proposal for the white paper looks good. My only comment is this whitepaper fills a void in the existing body of knowledge. It would be good to highlight in the proposal.

    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    alex@sharpellc.com
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------