In today’s dynamic cybersecurity landscape, federal civilian agencies face persistent cyber threats. The traditional approach of establishing perimeter protections is no longer sufficient; the new standard for cybersecurity is synonymous with zero trust.
According to the Cybersecurity and Infrastructure Security Agency (CISA), zero trust is an approach that restricts access to data, networks and infrastructure to the bare minimum necessary, continuously verifying the legitimacy of such access. This involves creating micro perimeters around each application and its data, making it easier to contain and mitigate attacks within specific boundaries.
The concept of zero trust isn’t entirely new, but it has garnered more attention recently. Most notably, a January 2022 White House memo requires agencies to meet specific zero-trust strategy objectives by Sept. 30, 2024, the end of the fiscal year. That builds on a 2021 executive order that lauds zero trust’s protective capabilities: “The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses.”
However, despite the evident benefits, the transition to zero trust poses challenges. A year ahead of the deadline, a recent report found that only 67% of federal agencies felt confident about meeting it.
To assist agencies in this transition, CISA released the Zero Trust Maturity Model, Version 2.0, providing a baseline for access controls and guiding agencies in consolidating identity systems. This model breaks zero trust into five pillars: identity, devices, network, data, and applications and workloads, with a roadmap for each pillar to facilitate the transition.
Key solutions that agencies should keep in mind to help them comply with zero-trust guidance are:
- Identity and access management. Implement tools like multifactor authentication and user behavior analytics, which help ensure that only authorized users can access sensitive systems.
- Data protection. This involves least-privilege access controls, end-to-end encryption and event logging. Solutions that track and classify data movement, such as data loss-prevention tools, are also helpful.
- Device-based solutions. Configuration and asset management tools, along with endpoint detection and response tools, are necessary for finding and addressing malware on devices before they connect to an agency’s network.
- Network security. This is core to zero trust. Agencies should consider network segmentation, machine learning-based threat protection, and infrastructure-as-code security to detect and prevent attacks.
Strategic Partners to Ensure Mission Success
Elevate your agency’s performance with mission-critical solutions. Redefining e-governance, VMware and Presidio Federal customize offerings to address cybersecurity challenges and fortify digital government operations, allowing agencies to seamlessly manage the cloud, proactively prevent threats, and enable a mobile workforce. Discover unparalleled excellence with VMware and Presidio Federal. Get started today at presidiofederal.com/partners/vmware.