Zero Trust Principles
A TechUK Working Group providing an industry perspective on emerging vendor-neutral definitions and principles relating to Zero Trust concepts.
11.00 am Wednesday 3rd June.
TechUK hosted the first online meeting of its Zero Trust Working Group this week, with Dan Patefield of TechUK, and our CEO Bernard Parsons setting the scene, followed by reflections and insights on Zero Trust concepts from Richard Baker (BT) and Ollie Sheridan (Gigamon).
In spite of broad and diverse industry representation and interests, some consensus is easy to establish: Zero Trust is not about a single product or product type, and for most its best described as a journey. NIST position a ZT Architecture as being a plan to appropriately incorporate ZT concepts. But with excellent work being done on ZT principles by the likes of NCSC, the devil can be in the implementation detail.
"We need to think about how we better express both business policy and technical policy. Security and IT are no longer in the driving seat within most businesses.....
"ZT concepts must bake-in the culture of evolving security posture....
"ZT definitions need to remain at an appropriate architectural-level and remain outcomes-based to avoid further tick-box exercises....
As a group we'll be compiling experiences and reflections to help fill gaps, based on mini case studies, and organising further outreach to others interested in this topic including a Virtual Conference later this year. If you would like to get involved, please get in touch.
The Working Group is also open to non-TechUK members, and we particularly welcome Security and Network Architects with a an interest in ZT, or have relevant war stories to share.