Security

Agencies Consider Fresh Zero-Trust Security Use Cases

The government is interested in how the security model applies to quantum computing, supply chain management, DevSecOps, multicloud and artificial intelligence.

Dave Nyczepir

Dave Nyczepir is a Senior Editor for Manifest.

Federal technologists want to know how zero-trust security applies to more specific use cases as their agencies begin to integrate tools ahead of the looming compliance deadline.

The Advanced Technology Academic Research Center’s Zero Trust Working Group, consisting of government and industry security experts, is currently discussing how to approach the future of the model.

In May 2021, President Biden issued an executive order requiring civilian agencies to implement zero-trust security architectures by September 2024. ATARC’s working group formed to ensure continuous compliance and is considering using its Zero Trust Lab to next explore how the model applies to five technology tracks: quantum computing and resilience, supply chain, DevSecOps, multicloud and artificial intelligence.

“We’re going to develop use cases around these tracks and try to show the next evolution of what we did in phase two,” says Gerald Caron, co-chair of the working group and CIO of the International Trade Administration.

Click the banner to read CDW’s white paper on enhancing zero trust for your agency.

Understanding What Zero-Trust Tools Can Do

Industry partnerships are critical to improving agencies’ zero-trust security architectures because they can help federal technologists understand new cloud platform features — which are being rolled out faster than ever — and what’s possible for their organizations, Caron says.

The first phase of ATARC’s Zero Trust Lab saw about 70 vendors individually present their solutions to federal participants so they could see what was available to their agencies. Phase two was all about integrating those solutions within agencies’ existing security architectures.

“We said, ‘All right, the reality is, this is an integration effort; all these tools have to work together, so here are the use cases,’” Caron says. “‘Please show us an integrated, real-life example and run through these live.’”

Phase two showed not only what a baseline integration of zero-trust tools would look like but also how it could be tailored to meet individual agencies’ specific security requirements, he adds.

The Zero Trust Lab had hosted five integration demonstrations as of mid-November, and by all accounts they were well received, Caron says.

Advancing Zero-Trust Adoption and Education

CIOs not only have to ensure zero-trust use cases are interpreted correctly but also must determine their prerequisites and relay their agencies’ needs to vendors, Caron says.

ATARC recently consolidated its multicloud and zero-trust working groups, which is why Caron feels it’s the right time to pursue the five new tracks. All are technology areas drawing increased interest from agencies, Caron says.

Regarding AI and zero trust, Caron wants to know not only how to prevent malicious AI activity but also how to leverage the technology for the good of zero-trust solutions.

To date, demo participation has been high, and the working group continues to grow because federal technologists want to see zero trust in action.

“I think the government people that we have participating are at various levels within their zero-trust journeys and education,” Caron says. “I think it is helping.”

Image by Staff Designer