The latest Executive Order, issued in response to the cyber-attacks on SolarWinds and the Colonial Pipeline, among others less publicized, has sweeping impacts on the Federal landscape. In addition to incident response, encryption, and reporting changes, agencies have fewer than 60 days to develop a strategy to adopt Zero Trust Architecture.
What is Zero Trust?
According to the NSA, “The Zero Trust security model assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity.” This approach puts security enforcement as close as possible to the user requesting your data. Increased adoption of multifactor authentication, micro-segmentation, and least privilege are significant aspects to consider. Proper application requires re-thinking aspects of your on-premises and hybrid cloud networks.
Why is Zero Trust Important?
As defined by NIST SP 800-207, “Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” Put succinctly, this emerging concept takes a “never trust, always verify” approach to how users access your data. Each and every time a user accesses a resource, the user is verified as explicitly permitted to access it. This stands in contrast to placing resources “behind a firewall”, a distinction that matters as networks expand into hybrid cloud architectures and users continue working from anywhere.
We Need Your Input
InquisIT is performing research on readiness to adopt Zero Trust. We will use the results to create educational material that helps Federal agencies streamline adoption.
How Can You Prepare?
The following factors are critical to success:
- Gain an Understanding – Contrary to what many would have you believe, you cannot simply “buy” Zero Trust. It is a model that must be continually applied, matured, and enforced along your agency’s IT modernization journey.
- Assess Capabilities – The Zero Trust ecosystem of tools, products, and integrations is vast. You will need to gain situational awareness of technology advancements and what is possible, then apply that knowledge meaningfully in your organization.
- Determine User Impact – Implementing Zero Trust for many agencies will require integrating new technologies and tightening existing controls. Taking into account how users will be affected is key to getting ahead of any confusion.
- Focus on Training – The world of Zero Trust is a significant shift from perimeter-based security. This change will impact how you work, requiring you to consider how to keep users and technical SMEs “in the know.”
We Are Here For You
Do you need a guiding star along your Zero Trust journey? Our subject-matter experts are here to help. You may contact us by email at firstname.lastname@example.org. All discussions are respectful of the Federal Acquisition Regulation (FAR).