Jun 26 2023

Data Is Key to Agencies’ Zero-Trust Implementations for the Rest of 2023

With potential cybersecurity budget decreases looming, agencies need data insights to prioritize where to buy IT equipment or software packages and where to maintain existing infrastructure.

With potential cybersecurity budget decreases looming, agencies need an understanding of the data they’re trying to protect with a zero-trust security architecture, now more than ever.

While the debt ceiling deal President Biden signed into law on June 3 didn’t explicitly cut cybersecurity funding, its two-year cap on nondefense discretionary spending will limit the investments Congress authorizes — especially for agencies lacking sound implementation plans.

Civilian agencies have seen their cyber budgets grow an estimated 12 percent in fiscal year 2023, according to GovWin, a trend that is unlikely to continue in FY 2024. At the same time, many agencies are still trying to determine which vendors support the zero-trust technologies and frameworks they need.

Click the banner below to get Insider access to exclusive security articles.

Most Agencies Aren’t Implementing Zero Trust from Scratch

The biggest challenge agencies face with their zero-trust implementations is that these are not brand-new installations; they’re occurring atop existing networks, which is like building an airplane in flight. Thus, agencies must decide which technologies to integrate with their existing IT environments while remaining within their budgets.

Many vendors are testing zero-trust capabilities, but agencies won’t know which ones they need until they assess their current IT environments — starting with their data. Data sits at the center of any zero-trust model because agencies must identify what data needs to be secured, where it’s stored, what is safeguarding it, who needs access to it and when it needs to be available.

This step is especially crucial in light of the debt ceiling deal because it will help agencies prioritize where to buy new IT equipment or software packages and where to save money by maintaining existing infrastructure. It will still take agencies several years to upgrade their infrastructure and deploy stronger authentications as part of their zero-trust implementations. Unlike the Space Force — a new agency that intends to adopt a secure, modern operating platform wholesale — most agencies have significant technical debt and regulatory requirements beyond zero trust.

One agency, for example, had a vendor stand up its network but now has no information about what data is where, so it must hire a second vendor to handle the factfinding before it can begin modernizing its legacy systems. Collaboration and information sharing issues continue to hamper zero-trust implementations.

DIVE DEEPER: Agencies finally have the resources to scale DevSecOps.

Test Desired Zero-Trust Solutions

Meanwhile, technologies and security frameworks continue to evolve, not waiting for agencies to play catch-up. Generative artificial intelligence such as ChatGPT is the latest example of new technology employees must learn. AI has been a part of security for several years now, with talent hard to come by.

Should federal cyber budgets see reductions, cyber talent will be the first area to suffer because agencies will have to focus funding on “keeping the lights on.” Despite incentives, such as the Pentagon’s and Department of Homeland Security’s training programs, top talent that agencies can’t afford will leave for the private sector.

Even industry is struggling to combat ransomware, which targets data and which zero-trust security is designed to render ineffective.

For these reasons, agencies would be wise to seek out industry partners that can build flow charts showing where their data should live and which policies affect it, while providing expertise on ideal zero-trust solutions. CDW partners with multiple vendors, understands what each is capable of and has lab space to test those capabilities to ensure an agency’s desired outcome in advance of deployment.

Agencies have spun up web applications in the past only to find their data was mined or stolen in its infancy. CDW runs tests with simulated data or mission sets to identify leakages without agencies risking a data outage or data loss that would impact their customers.

Amid budget constraints, testing to ensure zero-trust technologies meet an agency’s policies and procedures is key.

This article is part of FedTech’s CapITal blog series.

CapITal blog logo

Nikada/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.