Zero Trust Architecture, Implementation & Maturity Model


Recap: Workstream 9 - May 1 Meeting


    Posted 17 days ago

    Hello all - thanks for a productive working session yesterday. 

    Reminder - our focus and immediate task is working on the whitepaper for Step 3: Build a Zero Trust Architecture

    Recording link: https://cloudsecurityalliance.zoom.us/rec/share/pafTObvJAiDdfkoLvSYwexIzVxxkSnd2ygeJZMgQNex_OrbjOrhU74evBgmAGjWi.DtIEhARGEwOhtd2Z

    Human-Generated Meeting Summary and Next steps:

    • We discussed our overall goals for this whitepaper 

      • What is a Zero Trust Architecture?

      • What gaps or needs are there in the industry, given the many ZT Architecture resources available?

      • There is value in summarizing and consolidating primary sources

      • We will also be creating our own original content / research in this document

    • Challenges around making this practical and useful, while not being vendor-architecture specific

    • We reviewed and discussed Zero Trust Architecture documents

      • NIST 800-207 Zero Trust Architectures

      • Architectures from "Zero Trust Security: An Enterprise Guide" (Jason and Jerry's book)


    Homework for Workstream Meeting - May 15

    Review the first 2 CSA whitepapers on the 5-step process:

    Step 1: Define the Protect Surface: https://cloudsecurityalliance.org/artifacts/defining-the-zero-trust-protect-surface

    Step 2: Map the Transaction Flows: DRAFT https://docs.google.com/document/d/1vaWzRhwJPov_1TAXknXZy0P3rYFlKNJi/edit?usp=sharing&ouid=104963799026343049987&rtpof=true&sd=true

    May 15 Meeting Topic: we will talk through these two papers

    Reminder - our next meeting is May 15 at 11am ET.

    See you then (and do your homework!)

    Thanks all

    --Jason

    AI-generated Meeting Summary

    (Human note: the "CI Document" is the Zero Trust for Critical Infrastructure document that another workstream is writing)

    Meeting summary for ZT9 - ZT Architecture, Implementation & Maturity Model Workgroup (05/01/2024)

    Quick recap

    The team discussed the finalization of the CI document, the progress of the 'Step 3: Building the Zero Trust Architecture' workstream, and the review of important documents including the Protect Surface document and the Transaction Flows document. They also explored various deployment models used by vendors, the complexities of procuring new enterprise software and infrastructure, and the importance of a holistic approach to security. Lastly, they discussed the value of the 1800 series and the importance of vendor neutrality, with a focus on the first two CSA white papers for the next meeting.

    Next steps

    • Jason will share the draft of the 1st 2 CSA white papers, "Defining the Protect Surface" and "Mapping the Transaction Flow", with the team for review in the next 2 weeks.

    • The team will review the 1st 2 CSA white papers and prepare for discussing them in the next meeting.

    Summary

    Scheduling Call for CI Document Review

    Erik and Jason discussed scheduling a call with Josh for Friday afternoon to finalize the CI document before the RSA event. They also discussed the possibility of a longer-than-usual review period due to the RSA event. A concern was raised about ensuring common messaging, and it was suggested that a one-on-one conversation with Kinderag might be necessary to resolve this. Lastly, they addressed their availability for the scheduled call, with Erik and Josh confirming their availability, and Jason mentioning a customer call that might clash with the meeting.

    'Step 3: Building the Zero Trust Architecture' Progress

    Jason led the discussion as they welcomed a new participant, Madhav. The main focus of the meeting was on the progress of the 'Step 3: Building the Zero Trust Architecture' workstream. Jason clarified that the CSA had published guides for steps one and two, and step two was still in draft, awaiting feedback from Erik and others. Erik reported that the work was still a work in progress, with some team members pushing for a network approach. Jason also mentioned that he had received a volunteer to assist with ZT5 and ZT6.

    Reviewing and Planning Key Documents

    Jason led a discussion on reviewing and planning several important documents, including the Protect Surface document and the Transaction Flows document. The team deliberated on the concept of 'Zero Trust architecture', their goals and values, and the need to decide whether to summarize existing material or create something new. They also discussed the NSTAC report and its 5-step process, with a focus on its relevance to their current work. Lastly, they agreed on the necessity of providing clear, actionable guidance and the challenge of not tying their recommendations to a specific vendor.

    Exploring Deployment Models and Vendors

    Jason presented on various deployment models used by vendors, including the Device Agent/Gateway and Enclave-based deployment. He also discussed other models, such as the Resource Portal and Application Sandboxing. He explained these models based on his co-authored book and highlighted their differences, noting they often reflect different vendor approaches. The team agreed to continue examining these models in future discussions, with a specific focus on the upcoming SDP update and alternative architectures from vendors like Tailscale and Twingate.

    White Paper Architecture Challenges Discussed

    Jason and Josh discussed the challenges of recommending specific architectures in their upcoming white paper. Jason expressed concerns about readers potentially misunderstanding generic architectures, and suggested instead to guide readers towards choosing the right platform, vendor or set of requirements based on their specific needs. They also discussed the issue of building a 'Zero Trust architecture', with Jason advocating for a more unified approach to establish a solid foundation for their enterprise, emphasizing the potential dangers of starting from scratch.

    Balancing Uniqueness and Reusability in Procurement

    Jason, Erik, Sam, Josh, and Nelson discussed the complexities of procuring and implementing new enterprise software and infrastructure, especially in large and diverse organizations. They emphasized the need to balance the requirement for unique solutions with the advantages of commonality and services reusability. The group also discussed the complexities of identity management systems, agreeing that a one-size-fits-all approach is not suitable due to differences in security risks, usability considerations, and worker types. They stressed the importance of a holistic approach to security, focusing on multiple aspects such as identity, policy enforcement, monitoring, and awareness. The challenge of collecting the required information to enforce these policies and the necessity of a standardized implementation blueprint were also highlighted.

    1800 Series and CSA White Papers

    Nelson and Jason discussed the 1800 series, with Jason explaining its focus on zero trust architecture and its value despite its lack of specificity for all environments. Nelson praised the series for its usefulness and emphasized the importance of vendor neutrality. Erik agreed, reiterating their goal of being vendor agnostic. The team also discussed the usefulness of providing different use cases in their documentation and the time-consuming nature of creating such documents. The next meeting was announced to focus on the first two CSA white papers, with Jason requesting everyone to review them in advance, and Erik suggesting the inclusion of SDP in the network security space.

    AI-generated content may be inaccurate or misleading. Always check for accuracy.



    ------------------------------
    Jason Garbis, CISSP
    Co-Chair, Zero Trust Working Group
    Principal, Numberline Security
    Author: Zero Trust Security: An Enterprise Guide
    ------------------------------