Zero Trust

Recording link: https://cloudsecurityalliance.zoom.us/rec/share/-muE7w6OHRJB4iT8hozqdv1hNgXwQ6kTJDSTSZHZZedO2HbctY6oxRSwUUWiAIu4f.3iFckW6uQYPGcyDJ 

Deck: ZT Full WG Meeting 08-15-2023.pptx

AI Generated Minutes: 

• The discussion covered upcoming events such as the CSA conference in September and the CSA Virtual Research Summit, with a focus on zero trust. They also mentioned the CISA Maturity Model webinars and a CSA zero trust briefing for financial services industry members. - PLAY @0:58
• Erik discussed the ongoing development of zero trust training and certification modules, as well as the expansion of the working group's scope to include cloud, on-prem, hybrid endpoints, and IoT. Collaborative partnerships with organizations such as NIST, CCOE, and the DOD were also highlighted, along with the growing membership and engagement within the zero trust community. - PLAY @8:36
• Erik, Jerry, Jason, and others discussed the importance of proving the effectiveness of Zero Trust as a security philosophy and avoiding the negative perception and hype surrounding it. They encouraged public case studies, highlighting real-world value and adoption, collaboration on defining architecture design patterns, and emphasizing the responsibility of security professionals in securing digital technology. - PLAY @14:24
• Jason, Jerry, and Chris discussed the importance of implementing zero trust in enterprises and how it presents an opportunity for professional growth and visibility. They emphasized the need to operationalize and mechanize zero trust, focus on metrics and visibility, and take advantage of the hype surrounding it to drive interesting and beneficial security practices in organizations. - PLAY @19:50
• The group discussed the challenges of finding peer-reviewed documentation on the concept of zero trust, with Dr. expressing the need for such materials for academic purposes. They also explored the idea of establishing a peer-reviewed journal within the Cloud Security Alliance to address this gap. - PLAY @25:00
• In the discussion, Jason and Maureen explained that Sassy and SSE are specific implementations of a zero trust strategy, with SSE being a collection of existing security functions delivered as a service. They also highlighted the difference between a tactical approach to zero trust, which involves buying and implementing tools, and a strategic approach that involves creating Zero Trust advancement boards and breaking down different modules. - PLAY @30:52
• Erik and Jason discussed various deliverables and collaborations related to zero trust, including producing guidance documents, updating the CSA glossary, collaborating with the Open Group, and exploring partnerships with other organizations. They also mentioned future plans for more detailed implementation guidance and control framework assessments. - PLAY @36:45
• Erik, Steve, Aaron, and Shruti provided updates on various deliverables and projects they were working on, including guiding principles, small and medium business guidelines, IAM glossary, and Zero Trust guidance for critical infrastructure and IoT. They also mentioned the involvement of other volunteers and collaboration with different working groups and organizations. - PLAY @42:33
• The team members discussed various workgroups and their progress, including the re-energizing of the application and workload workgroup, the preparation for the first round of review for the guidance on identification of protective service, and the mapping out of building block capabilities for the Zero Trust implementation. They also mentioned upcoming webcasts, meetings, and the brainstorming of new ideas for deliverables. - PLAY @49:12
•  - PLAY @57:30