Oct 01 2020

Zero-Trust Architecture Gains Ground in Federal Cybersecurity

With endpoints scattered beyond a definable perimeter, protecting data becomes more important than protecting the network.

“Trust, but verify,” says the old Russian proverb made famous by Ronald Reagan. When it comes to cybersecurity in the modern era — one marked by nation-state actors peppering U.S. networks with attacks — the federal government is relying only on verification.

The resulting zero-trust architecture means exactly that: Nothing is trusted inside or outside the network. Entry requires strict access controls, user authentication and continuous monitoring of networks and systems, among other elements. Users and devices that request access to resources are continually authenticated.

FedTech spoke with agency leaders and security experts — Gerald Caron, director of enterprise network management at the State Department; Chase Cunningham, vice president and principal analyst at Forrester Research; Michael Howell, senior director for government initiatives at the American Council for Technology and Industry Advisory Council; and Scott Rose, a computer scientist at the National Institute of Standards and Technology and co-author of the Zero Trust Architecture (NIST Special Publication 800-207) — about the benefits zero trust brings, the technologies involved and the progress made so far. 
