Cyber, Zero Trust 5 MIN Read
May 27th, 2022
OUR CAPABILITIES
In a year marked by significant cyber events – the White House’s Executive Order on Improving the Nation’s Cybersecurity made it clear that maturing our cyber defenses is a priority for our country. The Executive Order (EO) highlights the need for cybersecurity modernization – specifically through advancement toward zero trust and migration to secure cloud services.
Zero trust is a cybersecurity framework developed around the concept of “never trust, always verify.” It requires all users, whether they are inside or outside an organization’s network, to be continuously validated to access applications and data. This is assessed against five key pillars: identity, devices, network and environments, applications and workloads, and data.
The Cyber EO requires all Federal agencies to develop a detailed plan to implement a zero trust architecture. The Office of Management and Budget and Cybersecurity and Infrastructure Security Agency (CISA) published its final version of zero trust strategy in January, which provides roadmaps for agencies to transition to zero trust models and securely migrate to cloud services over the next two years.
Here are some steps to consider in the process:
These five steps named in the guidance, which must be met by the end of Fiscal Year 2024, closely align with the five pillars of the Zero Trust Maturity Model published by the CISA.
As agencies modernize their cybersecurity programs, they must approach every decision – across technology, process, and people – with a zero trust mindset. It’s important that agencies seek an industry partner with holistic, enterprise-wide experience and expertise across all five zero trust pillars to help guide them on their journey.
Agencies need a partner who has the required capabilities as well as proven experience developing reference architectures. Trusted partners in the cyber industry know that cyber is not a singular part of the mission – it’s the thread that connects every endpoint, network, and person.
GDIT, for example, has worked with the Defense Information Systems Agency (DISA) on its ICAM program, to identify efficiencies, facilitate strong authentication to cloud services, provide authorization services with role-based access, and enable better and faster audits of users and resources. This program is a critical pillar of the Department of Defense’s (DoD) ultimate push toward a zero trust architecture.
Agencies can also look to trusted partners to leverage zero trust architecture to modernize their infrastructure and secure their move to the cloud. As the DoD continues to migrate its users to the Defense Enterprise Office Solution (DEOS), the cloud-based environment that will deliver collaboration services to the DoD, zero trust architectures will provide an added layer of security and authentication to support rapid migration.
“As agencies modernize their cybersecurity programs, they must approach every decision – across technology, process, and people – with a zero trust mindset. It’s important that agencies seek an industry partner with holistic, enterprise-wide experience and expertise across all five zero trust pillars to help guide them on their journey. ”
While advancing toward a zero trust architecture is a challenging undertaking for our government, it is a necessary evolution to help us meet today’s sophisticated cyber threats head-on. Ultimately, zero trust will serve as an enabler for broader digital transformation, making it easier and more secure for agency users to work productively and safely from any device, from any location.
The requirements and timelines outlined in the Cyber EO are ambitious, representing a monumental shift across how government networks are secured, software is procured, and cyber teams operate and collaborate. It’s important to get started today. Take small steps, make forward progress, iterate over time, and use lessons learned to make informed decisions for the future. And you don’t need to do it alone – seek out a partner who can support you every step of the journey.