By Oliver David, Social Media Manager, The Open Group
In late July, The Open Group hosted an event bringing together speakers and practitioners from around the world to meet in Washington, DC at the historical Mayflower Hotel, and discuss some of today’s most vital topics in the area of security and resiliency.
With a focus on Zero Trust Architecture and Supply Chain Security, leaders from businesses including Microsoft, IBM, Micro Focus, and ServiceNow joined experts from public sector organizations like NIST and NASA, together with representatives from The Open Group itself, to explore how open standards are driving important developments and actionable insights in these important and developing topics.
In case you missed this fascinating, spirited, and enlightening event – or if you just want to relive the experience – here are some of our biggest highlights from the event.
Monday’s presentations began with a focus on the topic of Zero Trust Architecture (ZTA), which has been a major focus area for The Open Group, particularly in terms of the ZTA Working Group of The Open Group Security Forum.
Following a welcome address from The Open Group CEO Steve Nunn and an overview of the work The Open Group is doing in ZTA from The Open Group Security Forum Director John Linford, we were joined by Murugiah Souppaya from the National Institute of Standards and Technology (NIST) to discuss why, from NIST’s perspective, Zero Trust is the ‘most pertinent emerging cybersecurity strategy’.
Drawing on results from the active ZTA project at NIST, Murugiah showed us how commercial off-the-shelf technology and the production of guidance around implementation, documentation, and deployment can be brought together to accelerate development and adoption of effective Zero Trust strategies. His session was particularly useful in complement with the following presentation from Nikhil Kumar who, as President & Founder of Applied Technology Solutions (ApTSi), provided a more commercial-eye view of ZTA implementation and the benefits of “organizational agility, flexibility, and adaptability” it offers.
Together with his co-chair of the Zero Trust Working Group, Microsoft’s Lead Cybersecurity Architect Mark Simos, Nikhil explained how Zero Trust has effectively been around since the mid-2000s in the form of the Jericho Forum and Network Access Control Architectures, before looking ahead to how, compared to historically slow adoption rates, ZTA is now being effectively realized in the context of Digital Transformation.
After a short break, we were then joined by Joseph Davis, Chief Security Advisor at Microsoft, for an incredibly useful and pragmatically-minded session on promoting the value of ZTA to internal security and IT leadership teams. Acknowledging the challenges associated with advocacy, Joseph provided a toolkit for approaching the conversation which practitioners can use to help raise awareness and standards in their organizations.
Joseph’s session was followed by a talk from Jim Hietala, VP, Business Development & Security, The Open Group, in which he laid out an architecture-focused approach to thinking about the relationship between Zero Trust Architecture and information security management. Jim closed out the Zero Trust section of the day with a rousing statement on the opportunity for standards organizations to “cut through the clutter” of ZTA implementation.
After presenting Tony Carrato a highly deserved Contributor Badge for his Zero Trust Commandments, we then moved on to an afternoon set of sessions focused on Supply Chain Security.
Steve Nunn congratulates Tony Carrato on receiving a Contributor badge for his Zero Trust Commandments
This topic was introduced through a session with Andras Szakal, VP and Chief Technology Officer, The Open Group, in which he discussed supply chain management from the perspective of the recent real-life challenges that business of all sizes have experienced.
That theme was carried forward in our second joint presentation of the day, from John Linford, Security & Open Trusted Technology Forum Director at The Open Group, and Geoff Wilkerson, Product Security Engineer at Seagate Technology. In a highly useful session, they explored how the Open Trusted Technology Provider™ Standard (O-TTPS), a standard of The Open Group, effectively responds to real-world challenges associated with protecting organizations from compromised and counterfeit products in the supply chain.
A focus on the differences between O-TTPS and traditional cyber security standards, in that it is concerned with procedure verification rather than unit-, product-, or system-testing, was particularly enlightening – and something that was discussed further in the following Q&A session lead by Steve Nunn.
We then welcomed Robert Martin, Senior Software and Supply Chain Assurance Principal Engineer, MITRE Corporation, to give an update on MITRE’s System of Trust, a supply chain security community project, in which he also provided a useful perspective on where the key challenges still lay for concerned practitioners, such as resolving an area of focus for risk management.
Bob Martin discusses Supply Chain Risk Management
After a session with Sonia Gonzalez, Digital Portfolio Manager, The Open Group, leading a discussion on progress in the Portfolio of Digital Open Standards, day one was rounded off with a networking reception and ‘birds-of-a-feather’ discussion session in which attendees reflected on the day’s content and had the opportunity to build the connections which will take these insights forward to application.
Following a day of sessions which really showcased the breadth and depth of knowledge being brought to the table by participants in The Open Group, the morning of the second day opened with a more focused deep dive. This took the form of a pair of talks with experts from the NASA Solutions for Enterprise-Wide Procurement (SEWP) Program showing how recent thinking around the challenges with Supply Chain Security is being applied in a high-priority governmental environment.
Up first was a presentation from Joanne Woytek, Program Director, Procurement Office, NASA SEWP, in which she discussed how supply chain risk management has recently become a central area of concern in the federal context, and an insider’s view of how this reflects broader conversations in Supply Chain Security. Joanna provided a particularly interesting perspective on how NASA SEWP’s 25-year history of participation in The Open Group has informed its current efforts in areas like product provenance and the cross participation of stakeholders.
Joanne Woytek talks about current Supply Chain Security efforts at SEWP
Joanne’s talk was followed by a presentation of results from a research program into how O-TTPS maps onto NIST Recommendations for Supply Chain Security. Jon Johnson, Senior Advisor, NASA SEWP, and Theresa Kinney, Deputy Program Manager, NASA SEWP, gave us a unique insight into their highly structured, mission-critical approach, delivering ideas on methodology, process, and approach which will be highly influential for all attendees.
To close the main section of the event, we then welcomed Lars Rossen, CTO & Fellow, Micro Focus. In typically erudite and entertaining style, Lars walked us through the supply chain environment that Micro Focus faces – covering over 400 product releases a year drawing on over 10,000 open source libraries – and how the business has tackled the daunting task of vetting the combined supply chain through the use of the IT4IT Reference Architecture. Introducing the concept of the Digital Factory, Lars offered an approach to the challenge which was both inspirational and deeply pragmatic.
Lars Rossen showcases how Micro Focus uses IT4IT Reference Architecture
With that, we moved in broader proceedings, with a very productive TOGAF® User Group meeting and a networking session, before a Security Forum Meeting and a Data Science Workshop for interested members on the third day.
As ever, we would like to extend our deepest gratitude to the many experts who willingly gave up their time for the event, both to present their invaluable insights on the stage and to make the audience such an engaged, intelligent, and passionate group of professionals.
We also thank our sponsors who made it possible for us to meet in Washington, DC.
Our amazing speakers, Members, partners, attendees, and staff are the heart of The Open Group, and this event demonstrated again why coming together in this way is such a valuable part of what we do.
Proceedings are available for event attendees and Members of The Open Group here.
The next The Open Group event will be held on October 17-19 in Edinburgh, UK, where we will be welcoming speakers on Open Digital Standards, Open Agile Architecture, Open Source, IT4IT Reference Architecture, and the TOGAF® Standard, 10th Edition. Please do look out for further details coming soon – we hope to see you there!
The Open Group India Awards for Innovation and Excellence 2022
As part of the Washington, DC event, The Open Group was also delighted to present the fourth annual edition of The Open Group India Awards for Innovation & Excellence. In a virtual gala ceremony drawing attendees from around the world, the India Awards honored organizations showing excellence in Digital Innovation.
These awards are an important way of recognizing transformative, pioneering work which makes a real difference to people in how digital, citizen centric services are delivered. To further showcase the work of nominee organizations, The Open Group will be publishing a case compendium of projects for both members and non-members to learn and take inspiration from.
We would like to congratulate this year’s recipients, and look forward to seeing the exceptional work highlighted by next year’s awards.
Award of Distinction in Digital Innovation:
- Dubai Customs
- Taipei City Government, Taiwan (R.O.C)
- National Informatics Centre, Ministry of Electronics and IT, Government of India
- Bangladesh Computer Council
Award of Merit in Digital Innovation:
- Centre for Railways Information Systems
- Schlumberger India Technology Center Pvt. Ltd.
Special Mentions were given to:
- Sinag Solutions, Republic of Philippines
- Planning Department, Government of Meghalaya
Oliver David, Marketing Specialist and Social Media Manager, joined The Open Group in 2018 and manages the various social media platforms for The Open Group and its Forums & Consortia. He also supports PR activities and events of The Open Group. Oliver has a bachelor’s degree in Sports Business Management from The University of Worcester, England. He is based in the United Kingdom.