VA Outlines Importance of Zero Trust as Threat Landscape Evolves
Zero trust access models are essential to maintaining robust security frameworks.
The Department of Veteran Affairs is accelerating its zero trust journey, as the White House urges federal agencies to secure IT infrastructures and improve cybersecurity.
Agencies are all grappling with how to implement various security strategies as a result of Biden’s May Executive Order on Improving the Nation’s Cybersecurity, key elements of which include zero trust. Over the past year, VA has already been developing a strategy to leverage and integrate zero trust.
“We have to start looking at the areas that we need to protect. Our boundaries are no longer clear,” said Royce Allen, director of enterprise security architecture at VA. “Our boundaries continue to expand and expand beyond that. Now, we’re in a place where we really have to collaborate without vendors so that we can protect that environment.”
The department is looking at how it can leverage zero trust to improve the ways it protects critical data in the face of evolving threats.
“The current security model in which we use for zero trust is no longer working in this world of evolving threats,” Allen said. “As we continue to bring in new technology and new advancements, our telehealth services are critical, and protecting [health] information is also critical.”
Allen outlined the agency’s two priorities as it works to integrate zero trust: protecting health services to help patients and improving supply chain to minimize exploits. VA is launching security awareness programs to provide its workforce with basic protocols and technologies to continue to improve security.
“We must focus on a practice of continuum, verifying identity, authorization and authentication about data uses and our devices,” Allen said. “That’s why we do what we do and why zero trust is critical.”
VA is leveraging DevSecOps to host security applications, which will enable the department to have greater control and awareness. VA is also bolstering its managed services to support digital experiences and solutions, as it moves toward a zero trust framework.
Zero trust requires a comprehensive data management plan, Allen said. VA’s data governance committee has been working on a strategy to identify the department’s workflows with an emphasis on data.
“I know a lot of departments and agencies have already moved toward zero trust. VA is in the planning phases. We’re developing guidelines for how we’re going to assess the readiness of our existing capabilities. We’re looking at our trust zones and finalizing our TIC 3.0 architecture because that will be the baseline for how we’re going to move forward,” Allen said.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
HHS Accelerates AI, TEFCA in 2024
Micky Tripathi, tech policy and health IT leader, reflects on progress HHS has made with AI, data and TEFCA and outlines plans for 2025.
-
VA Focuses on Continuous Improvement for 2026 EHR Rollout
VA plans to resume rollout of its EHR in mid-2026, focusing recent feedback to drive continuous improvement amid the presidential transition.
4m read -
Federal IT Trends in 2024, Outlook for 2025
Federal IT advancements in 2024 showcased the transformative potential of emerging technologies, particularly artificial intelligence.
2m read -
Navigating Federal Zero Trust Development
This panel explores the consistent steps agencies took to get here, and examines the future of zero trust.
26m watch