The President's executive order on "Improving the Nation's Cybersecurity" (14028), issued on May 12, 2021, started a process that was followed on January 26, 2022 by a "Federal Strategy To Move the U.S. Government Towards a Zero Trust Architecture." This calls for wide cooperation between government, public, and private sectors. The executive order also calls for "enhancing software supply chain security," an emphasis for which open source software would be the most reasonable solution. In response to the recent war in Ukraine, major governments have asked the private sector to "shield up," increasing the urgency of adaptation for the private sector, and recent successful penetrations of critical systems overseas should be seen as a foreshadowing of things to come.
Zero Trust is a journey, and an over-hyped term. What does it mean in this context? The cornerstone these implementation requirements are built upon is "identity management," not only for humans, but also for devices, instances, and services. "Once in a million" used to be a moniker for acceptable risk, but with the velocity of business and the volumes that transactions have reached, it may translate to seconds instead of years. And the elephant in the room: How do we manage identities without sacrificing privacy?