5 Takeaways from our CyberScape Zero Trust event

Zero trust is sweeping across government. Following the May 2021 White House Executive Order on Improving the Nation's Cybersecurity, IT leaders are implementing new structures and systems to build the foundation for zero trust. Government leaders will address topics such as ICAM strategy and software-defined network access structure. Tech-minded leaders from defense and civilian agencies discuss best practices and how this will impact future procurements and their missions.

 

01
Data management is foundational to a successful zero trust strategy.
 
  • During the opening fireside chat, CISA Associate Director for Vulnerability Management Jay Gazlay described the state of federal IT infrastructure as "pretty porous" and susceptible to penetration by foreign adversaries. He advised federal agencies to focus on deploying robust data strategies and employing data governance to get the most out of a zero trust strategy. 

  • Defense Digital Service Expert Nicole Thompson and HHS OIG CIO Gerald Caron echoed Gazlay’s comments during panels on software and endpoint security, asserting that the first step toward zero trust is data-mapping as opposed to network-mapping. Organizations must understand where their data is and what’s “normal” for their data before they can protect it effectively. 

 
02
Cybersecurity can’t ignore user experience.
 
  • One of the biggest problems facing organizations is balancing a friendly user experience with cybersecurity controls. One of the Defense Department’s cybersecurity goals is to unify endpoint management to improve user experience while maintaining a strong cyber posture, according to DISA Technical Director Drew Malloy. 

    “Security can't just come at the cost of performance,” Malloy said. 

  • Gazlay also highlighted how user-friendly data access strategies can result in increased cybersecurity risks, but user experience and a strong cyber posture don’t have to be mutually exclusive. 

 
03
Zero trust requires a culture shift.
 
  • For many organizations, zero trust is a radical cybersecurity transformation. Natalia Martin, acting director of NIST's National Cybersecurity Center of Excellence, said creating community through workshops and common language can help federal agencies and private companies take first steps toward zero trust, such as monitoring the software supply chain. 

  • Cultivating a cyber-aware workforce is also key. Training teams to see security as “the most important thing” is a major priority for VA CIO Kurt DelBene. 

    “The people driving your system need to have a sense of what zero trust means to them,” he said during the closing fireside chat. 

 
04
Identity management is about protecting users and their data.
 
  • Identity management is everything when developing a robust cybersecurity strategy. Malicious cyber actors are increasingly pursuing identities of users, devices and machines because they can unlock data access on a network. 

    Due to this trend, GSA’s Director of the Identity Assurance and Trusted Access Division, Ken Myers, is focused on insider threat mitigation and building identity, credential and access management (ICAM) solutions into core IT infrastructure.

  • Felipe Fernandez, director of systems engineering at Fortinet Federal, wants federal agencies to develop ICAM solutions to the point of automation, so data access can be revoked as quickly as it is granted to limit breaches. 

 
05
Zero trust is a marathon, not a sprint.
 
  • One of the biggest misconceptions around zero trust is that it’s going to be “easy,” according to Gazlay. Zero trust is a journey, and not every organization will immediately shift into a perfect zero trust posture. 

    One challenge to zero trust is technical debt. For many federal agencies, the technology “is just not there,” Gazlay said. 

  • USPTO CISO Don Watson said cybersecurity leaders need to be “enablers” of their business or agency mission and develop close relationships with product and development teams to move towards a zero trust mindset. 

    DDS’ bug bounty program is one strategy for helping the Pentagon inch closer to strong cyber defenses incorporating zero trust principles, according to Thompson. 

    A zero trust “scorecard” can also help federal agencies stay on track with their zero trust vision, DelBene said.