
The Open Group Zero Trust Initiative and The President’s Executive Order on Improving the Nation’s Cybersecurity

Nikhil Kumar, ZTA Working Group Co-Chair & President, Applied Technology Solutions, Inc.

Mark Simos, ZTA Working Group Co-Chair & Lead Cybersecurity Architect, Microsoft

Altaz Valani, Security Forum Vice-Chair & Director of Insights Research, Security Compass

Mike Leuzinger, AVP, Chief Architect for Information Risk Management, Nationwide

Ken Street, Senior Enterprise Architect, Conexiam

Dr. Malcolm Shore, Chief Security Architect, The SABSA Institute

Tony Carrato, The Open Group Invited Expert

Steve Whitlock, The Open Group Invited Expert

Jim Hietala, VP Business Development & Security, The Open Group

Andras Szakal, VP & Chief Technology Officer, The Open Group

John Linford, Security & OTTF Forum Director, The Open Group

The Open Group, an international vendor- and technology-neutral standards and certification consortium, has been actively engaged in establishing a consistent and coherent vision of Zero Trust and Zero Trust Architecture across industry, academia, and governmental organizations for the last two years. In fact, The Open Group pioneered the underlying principles behind Zero Trust, under the aegis of the Jericho Forum® and the guidance that came from the Jericho Forum over the past two decades, including the Jericho Forum Commandments and Jericho Forum Identity Commandments.

Today, The Open Group Zero Trust Architecture (ZTA) Working Group, which is a collaboration between the Security Forum and the Architecture Forum, is leading that initiative to establish standards and best practices for Zero Trust as the overarching information security approach for the Digital Age.

The vision of the ZTA Working Group is centered on a data- and asset-centric model, as opposed to traditional network-centric approaches. The successive breaches and ransomware attacks that have been impacting commercial entities and governmental agencies (e.g., Solorigate-type events or the Colonial Pipeline ransomware attack) would not be stopped by network-centric approaches. For businesses and governments, network centricity has led to reduced agility and ever-increasing cost, forcing a reactive rather than a proactive approach. In a cloud-centric, digitally enabled world, this is sub-optimal and unsustainable.

The definition of Zero Trust Architecture from the ZTA Working Group aligns well with the May 12 Executive Order on Improving the Nation’s Cybersecurity, which in Sec. 10(k) defines Zero Trust Architecture as “…a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.”

The ZTA Working Group defines Zero Trust as “an information security approach that focuses on data/information security, including lifecycle, on any platform or network” and Zero Trust Architecture as “the implementation of a Zero Trust security strategy that follows well-defined and assured standards, technical patterns, and guidance for organizations.”

The definition for Zero Trust Architecture in the Executive Order continues and calls out criteria identified in the Zero Trust Core Principles White Paper (published April 2021), such as least privilege, data centricity, comprehensive security monitoring, granular risk-based monitoring controls, and data protection in real-time in a dynamic threat environment. The Executive Order aligns on the principles of assumed breach and the need to consider both IT and OT in the context of cybersecurity.

The Open Group ZTA Working Group believes that Zero Trust reduces the impact area, or blast radius, of a breach in addition to minimizing the threat space that needs to be protected against. Zero Trust enables organizational Agility and the ability to operate in a situation of assumed breach.

Critically, Zero Trust brings security to the users, data/information, applications, APIs, devices, networks, cloud, etc. wherever they are – instead of forcing them onto a “secure” network.

The initial Reference Model from the Zero Trust Core Principles White Paper is shown below and clearly reflects a number of the core elements called out in the Executive Order.

The Open Group is currently engaged in developing global standards and guidance for Zero Trust, including a Reference Architecture, Axioms and Core Principles, as well as business and practitioner guides, to make the adoption of Zero Trust actionable. Organizations—whether commercial, governmental, academic, or regulatory—can engage with, adopt, or avail themselves of the materials to develop and tailor their Digital Transformation and prepare themselves for Zero Trust implementation.

The ZTA Working Group welcomes and encourages your participation and involvement in our efforts. There are several ways you can help us:

  • Members of The Open Group Security Forum and Architecture Forum as well as Gold and Platinum Members of The Open Group can join the ZTA Working Group and begin contributing immediately.
  • Non-Members are also welcome to participate/contribute and can join the ZTA Project LinkedIn Group, volunteer to join webinars/podcasts around Zero Trust, and/or contribute content for posts on The Open Group Blog.

For more information on how you can contribute to the ZTA Working Group’s efforts or on Membership in The Open Group, please contact John Linford, The Open Group Security & OTTF Forum Director, or Jim Hietala, The Open Group VP Security & Business Development.