The threat of cyberattacks and the need for robust security plans are critical for agencies to deliver on the mission in today’s hostile threat landscape. Federal agencies must build resilient and robust defenses, where they can operate quickly and efficiently to mitigate threats. Security frameworks, such as the five pillars of Zero Trust architecture, enable agencies to secure their IT environments from insider threats and nation-state actors.
Following the May 2021 Federal Executive Order (EO) on Cybersecurity, Zero Trust has become the definitive strategy for federal agencies as they seek to prevent attacks and respond effectively when they do happen. In outlining clear guidance and setting deadlines for compliance, the EO has driven a great deal of change within federal agencies. But for federal agencies just getting started on their Zero Trust journey what are the most important elements?
We checked in with industry experts from Dell to find out about the founding principles of Zero Trust. In a recent podcast they outline five pillars that agencies need to consider when building a successful Zero Trust architecture.
Pillar 1: People (User) Trust
As with any effective cybersecurity strategy an agency’s users, or their people, are at the center. As well as continuing to build a cyber aware community through education, Zero Trust protects the user, the network, and the data by requiring the user to continuously authenticated as they move around the network.
Pillar 2: Device Trust
An optimal Zero Trust strategy moves agencies from a simple inventory and validation strategy to constant device authentication and access granted on the basis of real-time risk assessment analytics.
Pillar 3: Network Trust
When it comes to the network, Zero Trust requires a transformation from macro-segmentation to micro-segmentation in order to have a better understanding of who or what is on the network at any given time.
Pillar 4: Application Trust
Traditionally, access to applications has been granted at the local level and is static, meaning that once authorization is granted it is in place until it is revoked. A Zero Trust approach to application access in comparison is dynamic, requiring authentication to happen at a global level and on a continuous basis. The upside to this approach is that all applications can be available via the Internet and agencies no longer require VPNs to offer secure access.
Pillar 5: Data Trust
One of the most significant changes for agencies when moving to a Zero Trust model centers around data accessibility. The goal here, for agencies, is to, once again, move from static to dynamic authentication and also improve their categorization and organization of data in order to support dynamic access.
Compliance with the Executive Order on Cybersecurity has added a necessary urgency to agency plans to evolve their cybersecurity postures. With the continued intensity of cyber attacks and the on-going expansion of attack surfaces as federal agencies embrace the Digital Age, the five pillars of Zero Trust is an idea whose time has surely come.