The Future of Remote Work Within DOD
Remote work is a driving force behind zero trust in part because it has led to an increase in the attack surface and in phishing attacks against users.
In late October, Sherman also indicated that the DOD wants to turn its main telework tool, the Commercial Virtual Remote (CVR) environment, into a permanent capability by next summer, according to Defense Systems. CVR uses the cloud-based Microsoft Teams collaboration tool and serves more than 1 million employees across the DOD enterprise.
“We are currently working on a more enduring [Microsoft] Office 365 base capability,” with higher security capabilities, Sherman said Oct. 28 during C4ISRNET’s CyberCon event, Defense Systems reports. The goal is to deploy a platform with CVR capabilities that supports Impact Level 5 security for the DOD’s most sensitive unclassified data.
However, in a zero-trust environment, successful phishing attacks would not cause much damage, Sherman argued at the FedScoop event, since an attacker who harvested a DOD user’s credentials would not get access to the network without additional authentication.
The DOD needs to work toward deploying “fine-grained access” for users, Sherman said, according to FedScoop. “This just might be the exact preview of how we will have to operate” in the future, he said.
EXPLORE: Read our roundtable discussion on how federal agencies are approaching zero trust.