New Tools & Rules in Internet Identity Management: Navigating a Zero Trust World

The world of identity management changed forever on June 10, 2013 with the introduction of the Zero Trust architecture approach. First proposed by Forrester Research, this new "best practice" has "never trust, always verify" as its guiding principle. It takes the old model—"trust but verify"—and inverts it. As recent breaches have proven that when an organization trusts, it doesn’t verify.

Something is fundamentally broken in the world of information security. Despite countermeasures and controls, attackers continually breach our defenses and steal our identities. Forrester’s research shows the threat vectors expanding in which organized crime and nation-states are creating more significant, targeted attacks. This presentation goes beyond the security context, are speaks to organizations large and small, public and private that are looking for ways to reduce identity management costs while simplifying identity verification processes.

This presentation highlights new approaches to practical barriers in identity management like liability, insurance and changing regulations. It reviews the innovations in standards development, self-certification, and registration that are driving increased global adoption of identity services.

Key Takeaways:

• Concept: This presentation will review the necessity and essential concepts of applying the Zero Trust Model of information security to identity management.
• Architecture: This presentation will outline the key business, legal and technical components, capabilities, and standards of identity management that are changing identity services in a Zero Trust ecosystem.
• Case Studies: In a series of case studies, we will highlight organizations that have adopted new concepts of the Zero Trust Model in their environment. Included in the case studies will be a discussion of best practices and benefits in the US, UK and Europe.