Thinking about it a little more, it seems the revenue-generating parts of an enterprise are more likely to use the term "persona". I hear it most when dealing with business units, marketing, and product managers. One of the media companies I dealt with recently adopted the term "avatars" to designate different types of content consumers. They continue to speak about different types of content creators as "personas."
My initial thought is "Stakeholders" provides the most clarity and aligns with other work, which would foster adoption. When I get a moment, I will take a look at what others are doing.
I suspect as we move through this, we are most likely going to look at the various players in terms of their motivation(s) and their role in getting a ZT project off the ground (e.g., approver, influencer, recommender).
------------------------------
Alex Sharpe
Principal
Sharpe42
[email protected]Co-Chair Philosophy & Guiding Principles Working Group
Co-Chair Organizational Strategy & Governance Working Group
------------------------------
Original Message:
Sent: Nov 24, 2022 12:12:11 PM
From: Richard Baker
Subject: Recap: Business Value of Zero Trust working session (Nov 17)
Another suggestion would be "stakeholder" as this could suggest that they should be considered as "having skin in the game" and that there are consequences both upsides and downsides with their engagement or lack thereof.
Richarf
Original Message:
Sent: 11/24/2022 3:02:00 PM
From: Paul Simmonds
Subject: RE: Recap: Business Value of Zero Trust working session (Nov 17)
I'd suggest using "Business Role(s)" or "Functional Area"
I've never heard of "personas" used in the context of business roles, and I've just floated it by a senior European HR Manager in Amazon, who says "occasionally" but not recently and not in common use.
"Business Role" is also probably more descriptive to the first time reader.
Paul
------------------------------
Paul Simmonds
Board, CSA UK Chapter
Director, CSA (Europe) CIC
CEO, Global Identity Foundation
Original Message:
Sent: Nov 24, 2022 06:57:12 AM
From: Alex Sharpe
Subject: Recap: Business Value of Zero Trust working session (Nov 17)
@Paul Simmonds, you have a habit of bringing up things that have been sticking in the back of my craw. We are having a similar issue with the word "policy". The word "persona" has specific meanings in other disciplines like marketing and strategy as well. It seems to me, the problem we have is ZT is highly reliant on Identity so we cannot rely on context.
Can you suggest some alternate terms? We have the same problem with "roles". Not sure if "stakeholders" does it.
------------------------------
Alex Sharpe
Principal
Sharpe42
[email protected]
Co-Chair Philosophy & Guiding Principles Working Group
Co-Chair Organizational Strategy & Governance Working Group
Original Message:
Sent: Nov 18, 2022 07:31:44 AM
From: Paul Simmonds
Subject: Recap: Business Value of Zero Trust working session (Nov 17)
One plea from me; the use of the word "persona" in the way you are using it is incredibly misleading and confusing.
Zero Trust is (almost certainly) incredibly reliant on Identity, and in the Identity space, "persona's" have a very specific meaning, as a facet of a persons overall identity (normally exposed in a particular setting) - for example I might be happy to share my "work persona" with you (join of Entity:Person & Entity:Organization) but not my sexual-persuasion persona (and certainly not in certain parts of the world) - so there are huge intersections with trust, privacy and anonymity.
Persona also spill over into the crypto world when it comes to one-way cryptographic joins between entities, giving a persona a unique cryptographic signature / key. These can then be used to prove signed assertions al-la the W3C Verifiable Claims Data Model and Decentralized Identifiers (DIDs) - all of which will be used in ZT solutions.
Bottom-line; I understand why you are using the word, but can you choose a different word that makes the same point!
------------------------------
Paul Simmonds
CSA UK Chapter
CEO, Global Identity Foundation
Original Message:
Sent: Nov 17, 2022 01:54:58 PM
From: Jason Garbis
Subject: Recap: Business Value of Zero Trust working session (Nov 17)
Hi folks - a quick recap from our working session this morning, Thursday, Nov 17
Thanks everyone for your participation & engagement
- Intros and welcome to new members
- Recap of the Google group for this workstream
- Quick review of the in-progress Business Value of Zero Trust whitepaper proposal:
- https://docs.google.com/document/d/1s9OTHZxmv6SURkrq2lAP3Bp32WsHElHw9x-kWQvbGfw/edit?usp=share_link
- Requesting final input before submission to the ZT steering committee
- Interactive discussion, editing, and brainstorming on the draft a set of personas to represent the direct and indirect target audience for the ZT working group assets
- https://docs.google.com/spreadsheets/d/1SoI24cBYyubfFHf27KvQnrMDfNIWyTaO/edit?usp=share_link&ouid=105169721242682585015&rtpof=true&sd=true
Work plan:
- Finalize mini charter -Erik has asked for a second review via the new Google Groups. Jason to kick off by Nov 9. Posted / Open for final review through Nov 23
- Personas - plan for next few working sessions to publish first version, for use across workstreams. Ongoing
- Whitepaper proposal - by Nov 9 - complete and circulate for feedback & approval. Ready for final review / planned to send to steering committee Nov 23
Today's meeting Recording Link: https://cloudsecurityalliance.zoom.us/rec/share/vkuzKi8nHbNkpEBDWkOmHSCtP31RwUCZpazsy5Ar0IAOpiTDUFcu6NfoD2f-52uW.4EX4HAF7TweSF8Zx
Passcode: Nt!4G=&A
Our next workstream session is Thursday December 1 at 8pm ET
Topics:
1. Intros to new members
2. Ongoing review and discussion of the reader personas
3. Status / feedback on the whitepaper proposal
------------------------------
Jason Garbis, CISSP
Co-Chair, Zero Trust Working Group
CPO, Appgate
Author: Zero Trust Security: An Enterprise Guide
------------------------------