In working with the many players that serve the federal government — tech companies, government agencies and federal system integrators — White finds that most people identify zero trust as the No. 1 technology issue.
Yet it’s already been two years since the executive order. Where do federal agencies stand in their zero-trust journeys? The government mandates gave agencies the impetus to shift to zero trust, and set cybersecurity standards and objectives to meet by the end of the 2024 fiscal year.
EXPLORE: Why zero trust needs to be a goal, not just a mindset.
Federal Mandates Accelerate Adoption, But Challenges Remain
White facilitated a working group that collaborated with federal agencies on implementing zero trust. The group was formed to help expedite progress on the cybersecurity executive order. White says it made progress on developing zero-trust roadmaps, maturity models and strategies for agencies.
Some data suggests that adoption is strong in the public sector. Government agencies are implementing zero trust faster than corporations. Seventy-two percent of government respondents report that they already have a zero-trust initiative, compared with 55 percent of corporate respondents, according to a 2022 Okta report. Yet federal agencies are playing catch-up with threat actors and need to accelerate implementation.
“The bad guys are moving faster than the good guys,” White says.
White and Michael Epley, chief architect and security strategist at Red Hat and part of IBM’s working group, identified several reasons why implementation isn’t happening faster. One of them is the lack of a holistic approach to cybersecurity.
“For many years, we built solutions in a piecemeal fashion,” Epley says. “We focused on point solutions and were often in a very reactive mode. Sometimes those were effective, and sometimes they weren’t. It’s always been a challenge to take that and build more holistic strategies around it.”
Click here to learn more about zero-trust and IT modernization within the government.