Resilient Cyber
Resilient Cyber
S3E20: Ken Myers - Federal ICAM & Zero Trust

S3E20: Ken Myers - Federal ICAM & Zero Trust

Chris: What do you think some of the fundamental changes of IAM are from on-prem to cloud?

Chris: What are some of the key tradeoffs and considerations for using IDaaS offerings?

Nikki: There are a lot of solutions out there that discuss zero trust as a product or a service that can be leveraged to 'bake in' zero trust into an environment. But I'm curious on your perspective - do you think we need additional tools to configure zero trust principles, or leverage the technology at hand to implement zero trust?

Nikki: There's this move towards passwordless solutions - I can see that being a big boost to zero trust architectures, but I think we're still missing the need for trusted identities, whether it's passwords, pins, or tokens. How do you feel about the passwordless movement and do you think more products will move in that direction?

Chris: You've been a part of the FICAM group and efforts in the CIO Council. Can you tell us a bit about that and where it is headed?

Chris: It is said Identity is the new perimeter in the age of Zero Trust, why do you think this is and how can organizations address it?

Nikki: There was an interesting research publication I read, titled "Beyond zero trust: Trust is a vulnerability" by M. Campbell in the IEEE Computer journal. I like the idea of considering zero trust principles, like least privilege, or limited permissions, as potential vulnerabilities instead of security controls. Do you think the language is important when discussing vulnerabilities versus security controls?

Chris: What role do you think NPE's play in the modern threat landscape?

Chris: If people want to learn more about the Federal FICAM/ZT Strategies, where do you recommend they begin?