“Trust, but verify,” says the old Russian proverb made famous by Ronald Reagan. When it comes to cybersecurity in the modern era — one marked by nation-state actors peppering U.S. networks with attacks — the federal government is relying only on verification.
The resulting zero-trust architecture means exactly that: Nothing is trusted inside or outside the network. Entry requires strict access controls, user authentication and continuous monitoring of networks and systems, among many elements. Users and devices that request access to resources are continually authenticated.
FedTech spoke with agency leaders and security experts — Gerald Caron, director of enterprise network management at the State Department; Chase Cunningham, vice president and principal analyst at Forrester Research; Michael Howell, senior director for government initiatives at the American Council for Technology and Industry Advisory Council; and Scott Rose, a computer scientist at the National Institute of Standards and Technology and co-author of the Zero Trust Architecture (NIST Special Publication 800-207) — about the benefits zero trust brings, the technologies involved and the progress made so far.