How Agencies Are Rising to the Zero Trust Challenge
Several agencies, for example, have shifted to a development, security and operations approach in order to integrate security as a shared responsibility throughout the IT development lifecycle. (“Agencies Finally Have the Resources to Scale DevSecOps”).
At the Department of Energy, DevSecOps has allowed the department’s development teams to more quickly navigate the Authority to Operate security authorization process. The VA’s implementation of DevSecOps is not only an IT strategy but also a way to give veterans access to the services they’ve earned while also giving them confidence that the agency is protecting their personal information.
Multifactor authentication is another key component of the push toward zero-trust architecture, but with contractors accounting for up to 40 percent of the federal workforce, agencies need a more diverse set of authentication technologies beyond the Personal Identify Verification card that helps keep full-time staff secure.
Our feature “Agencies Onboarding Contractors Need More Diverse Authentication Technologies” highlights some of these Identity, Credential and Access Management (ICAM) technologies, including Fast Identity Online (FIDO2), a set of open, standardized authentication protocols that the USDA is using as they move toward full implementation of the zero-trust authentication requirements.
As new and increasingly more sophisticated cyberthreats continue to emerge, government IT professionals will undoubtedly face new challenges as they work to fully implement a zero trust architecture. But I have no doubt that when they do, they’ll find new and improved solutions in order to continue to serve and protect citizens securely and efficiently.