Zero Trust May Create a Huge Boost for Security Effectiveness
What exactly does zero trust mean at a federal government level? The concept itself is simple: Any traffic on a network — whether internal or external — is considered untrustworthy until it’s been verified and users have been authenticated. Implemented effectively, zero trust is expected to boost security efficacy by more than 144 percent, according to one report.
In practice, the shift to zero trust is complicated by two factors: Federal agencies are now dealing with massive data volumes from a growing variety of sources. At the same time, the White House has directed agencies to support the continuation of hybrid work policies where possible.
The result is a traffic-heavy network environment that requires agile and adaptable tools capable of detecting and verifying traffic from any source. It also demands the deployment of solutions that let government IT teams quickly identify problem areas and take necessary action.
So, what’s on the horizon for zero trust in the federal government?
First up is the recognition that zero trust doesn’t exist in isolation. “You need to come up with new cyber response playbooks, and you need to start looking at endpoint detection,” says Christopher Copeland, CTO for Accenture Federal Services.
“You’re going to touch everything, from your physical devices to your network to your infrastructure, your data, your applications, and your authentication and access controls,” he adds.
The result is an adoption framework that doesn’t just depend on best-of-breed technologies, but also benefits significantly from the assistance of experienced partners who can help federal organizations pinpoint ideal starting points for zero-trust solutions.
So Many Cyber Policies, So Little Time
Next up is cultural impact. According to Marlin McFate, public sector CTO of Riverbed Technology, the sheer number of policy and process inspection points across federal networks means that in the near term, agencies “will only succeed in implementing portions of zero trust.”
As a result, cultural uptake becomes critical. If staff aren’t on the same page as executives when it comes to the deployment and use of zero-trust solutions across the agency, it becomes increasingly difficult to ensure operational momentum.
McFate notes that while complex federal government networks have always faced deficiencies in application collaboration and adoption that introduced security risk, “there weren’t enough compelling events to push us over into something new.”
The perfect storm of evolving attack vectors and pandemic pressures, however, offered the impetus for fundamental change.