The clock is ticking on zero trust
Federal agencies have wasted little time getting to work to meet the end of fiscal year 2024 deadline but there’s still lots of work left to do.
It has been almost nine months since the Biden Administration released the federal government's zero trust strategy. The strategy comes as part of a more extensive executive action announced 15 months ago, aimed at improving the nation's cybersecurity with a focus on improving security measures against the government's digital infrastructure.
Federal agencies have wasted little time getting to work to meet the end of fiscal year 2024 deadline but there's still lots of work left to do.
According to a recent survey commissioned by General Dynamics Information Technology , 58% of respondents said one of the primary challenges to implementing zero trust would be rebuilding or replacing legacy infrastructure, 50% are having trouble identifying what technologies they need, and 48% think their agency lacks sufficient IT staff experience.
These are significant challenges. Agencies need to quickly get clear on their approaches to overcome these hurdles to ensure there is enough time to implement them effectively. Technology leaders do not want to rush to meet the deadline, only to find they overlooked critical components needed for an effective zero trust architecture.
The most successful agencies to date continue to look toward Secure Access Service Edge (SASE) solutions for zero trust success. SASE tools help better secure applications, devices, users and workloads at the network edge. This is a particularly strong approach for the unpredictability that comes along with more hybrid work setups, where employees are working from anywhere and accessing sensitive information on multiple devices.
Along with these guidelines, agencies must ensure changes they make to comply with the zero trust mandate do not compromise safety along the way. To remain protected, organizations often bolt on to existing infrastructure, allowing them to take advantage of zero trust without making wholesale changes. SASE platforms can also help in this regard.
As federal agencies look to implement zero trust, they will want to look for solutions like SASE that manage activities such as endpoint cloud coverage, conditional access for mobile devices, controls for cloud-based applications and modernizing legacy infrastructure and applications.
The road forward
The zero trust mandate pushes the federal government's security forward. The change is not just about security, but an acknowledgment that government technology systems have continued to mature and need defensive solutions that match this growth.
Enterprises outside of government continue to turn toward zero trust because it provides a straightforward premise that all stakeholders can understand: No one on the network should be trusted. We know that bad actors will infiltrate systems, regardless of the strength of perimeter defenses. Zero trust ensures that their ability to do harm once inside remains limited.
The Biden administration has set a tight deadline to make these changes happen. Federal agencies can meet these demands with an approach that values both speed and security equally. If agencies can balance both needs, they will be able to create a safe ecosystem for their data and for their employees. As with any change, federal agencies should see this as an opportunity to make widespread adjustments that will fundamentally improve how they operate. Agencies are already off to a great start and, with the right strategy, can reach the finish line as a winner.
Tony D'Angelo is vice president,public sector at Lookout
NEXT STORY: ARPA-H: High-risk, High-reward Health Research is the Mandate of New, Billion-dollar US Agency