 We have a great day ahead and to set the scene nicely I have pleasure in introducing my colleague, John Linford. John is the director for our security and open trusted technology forums at the open group and he supports the leaders and participants of the security forum in utilising the resources here at the open group to facilitate collaboration and follow the open group standards process to follow their deliverables and you're going to hear from John in a number of ways today he's going to be that face that you see a lot today apart from mine. John's going to introduce us right now to zero trust architecture so John please we'll go with you and one thing I would say ahead of time it's in the chat but if you want to make these screens for the presentations if you want to make them any bigger then please use the either the full screen or the expand view buttons in the bottom right hand corner of your screen most of you at least should have that so that's how you can make the slides bigger and final announcement the slides and presentations will be available to everyone everyone here in the middle of next week and you will get notified as a registered attendee you will get notified of their availability so that's a question we get a lot so I'll answer it up front and I'm sure it will come up and I'll probably say it again later without further ado let's hear about zero trust architecture John Linford. Thank you very much Steve hopefully my audio is coming through correctly and I'll just make sure that there we go I do actually have control of the slides so I am here live you'll get to hear from me and my mumbles and mutters and not corrected recorded presentations the other presentations you'll be hearing today are I believe all pre-recorded except for of course the Q&A panel which will be live so what that means is in advance if you do happen to hear squeaking or chewing in the background I've got a six month old puppy and she's up here in my office with me all right so I guess then without further ado since you've already heard who I am it probably makes sense to start with what the zero trust architecture working group is within the open group the ZTA working group zero trust architecture is hosted formally by the security forum of the open group but it is a collaboration project between both the security forum and the architecture forum what that means is that all silver and academic members of both the security forum and the architecture forum are entitled to participate in these various projects that we've got going in this working group and of course anybody from our platinum and gold members are of course also entitled to participate in the working group what we're focused on is on remedying the confusion out there that surrounds zero trust and zero trust architecture 18 months ago you saw zero trust starting more than 18 months ago but really 18 months ago is when we saw this really kick off we saw zero trust being slapped on all sorts of different products with vendors claiming or implying that it would help you have zero trust or zero trust architecture a little bit more complicated than that in reality and we saw end users in particular very confused about what zero trust meant in the first place our ultimate goal of this working group is to publish a zero trust reference architecture as well as additional guides around zero trust and zero trust architecture as I move to the next slide there we go we have already published our first document which is the zero trust core principles white paper and that's where these definitions for zero trust and zero trust architecture come from we did it deliberately as a white paper first we wanted to get input and feedback from the industry at large if they agreed with us or if you agree with us excellent if you don't agree with us we also really want to hear that feedback so that our future publications can address these changes what's interesting is we published these or published these definitions in April of these year this year in the zero trust core principles white paper and then in May we actually had that executive order on improving the nation's cyber security here in the US that provided a definition for zero trust architecture that's actually very compatible if not completely compatible with the definition that we provided in our first publication what's important is that zero trust security capabilities should enable the organization to secure data or information as well as applications apis and any data integrations on any network including the cloud internal networks and public or untrusted so zero trust networks zero trust is implemented through a comprehensive strategy and provides a security framework based on asset and data centric security critically zero trust provides organizational flexibility agility and adaptability in addition to the traditional security assurances of confidentiality integrity and availability for business assets zero trust is achieved by leveraging a combination of existing investments as well as offering new capabilities so you're not throwing out everything that you had before so how is zero trust different from a quote classic or traditional security approach well really the main difference is where you're trying to secure things traditional or perimeter based security approaches might try to put everything onto a secure network which of course nowadays we know may or may not be all that secure even internal networks zero trust in contrast focuses on securing the data the information the assets the things wherever they are on any network what's really important with this is that zero trust is not really a new idea it's based on a lot of the stuff that came from the Jericho forum which described the breakdown of the perimeter security model and the reality is that perimeter based security approaches built on legacy models of identity authentication and authorization don't meet the needs of the digital business instead zero trust brings security to the users the data or information applications apis devices network cloud and so on and so on wherever they are instead of forcing them onto a secure network so what is the zta working group currently working on well we've got three different project streams the first project stream we've called the zero trust core principles project this is already published its first deliverable the zero trust core principles white paper which you can go and download for free from the open group library and we do welcome feedback or thoughts on that since this was our first publication and what we learn from how people receive it is going to directly feed into the other publications we put out since we published the core principles white paper we've now turned to what we're calling the zero trust commandments guide so very clearly and directly in for referencing back to the Jericho forum commandments with that title and kind of taking a similar approach what we're doing with this is refining those initial core principles or in some of the cases combining them or completely changing them all together into something much stronger that hopefully is more actionable for organizations actually trying to implement zero trust or a zero trust architecture this document will also illustrate the commandments and sort of how they work together in order to demonstrate their importance we also intend with this publication to publish a one pager of the commandments that you might put up on your office wall for inspiration if you're into that kind of thing our other two deliverable streams are the zero trust landscape project and the zero trust reference architecture project the zero trust landscape project has a single deliverable in mind but it's one that we're going to aim to update annually this one is going to look at a survey of zero trust end users as well as product and offering vendors to help us identify where and why differences in perception occur and hopefully allow us to remedy that confusion in the other works that we're doing so this publication actually has a survey out right now the first annual zero trust survey which you can go and take the deadline for that is this Friday July 23rd at the end of the day so the results from that we're going to analyze and publish in this guide we're going to send the survey out every year as its title would imply being annual and we're going to update the guide every year so that we can see how perceptions are changing and how implementation is changing over time the other component of this document is a literature review for lack of a better word of academic publications around zero trust so we're going to be able to look at sort of the three big perspectives as well as incorporating in various places publications from other standards organizations such as NIST here in the U.S. so we're really going to try to put together a comprehensive view critically in this document we're not advocating for one viewpoint or the other we're just looking to document the landscape our biggest project by far is the zero trust reference architecture project its ultimate goal is a zero trust reference architecture but we're beginning with a zero with a conceptual zero trust reference model so getting the conceptual stuff out of the way sort of brainstorming how all of this might fit together and then hopefully once we get that published we get some good industry influence and input help us put together a true reference architecture the other publications in this project are going to focus on being complementary to the reference architecture so include things like a practitioner's guide and a business guide for zero trust current members are of course able to dive right in so if you are a silver or academic member of the security forum or the architecture forum or a gold or platinum member of the open group please just feel free to contact me and we can schedule an onboarding with our project or with our working group leadership a few of whom you'll hear from right after me we'll be able to get you up to speed on where we are in these various projects and help you figure out where you want to start actively contributing non-members can go and take that first annual zero trust survey so even if you aren't a member of these forums or a gold or platinum member of the open group you can still go and immediately contribute to one of our publications by answering these survey questions of course if you are interested in becoming a member of the open group after you hear from these presentations and want to start contributing actively you can also contact me and I'll loop you into our business development team so that we can start you getting involved actively and with that I think I hand it back over to you Steve and we get to hear from our other presenters now so thank you very much we do John that's a great intro and a great start to the day thank you very much for that and um and yeah great job so a big virtual round of applause for John Linford thank you John