The Keys to Implementing Zero Trust are People, Process, Tech
Partnerships with private sectors and user-centric frameworks are key to defending against cyber adversaries.
Agencies must holistically invest in a strategic model, like the “people, process, technology” framework when implementing asset management and zero-trust architecture to successfully defend against cyberthreats and enhance overall resilience, government leaders said during a FedInsider webinar.
“I always use the framework because change adoption and user acceptance are very important when cybersecurity fields are implementing a change,” said Bureau of Engraving and Printing (BEP) Acting Deputy Director and Chief Administrative Officer Harry Singh. “We’re in the process of implementing zero trust excellence, so as we deploy tools, it’s always going to be user-centric planning with feedback mechanisms.”
Singh said it’s imperative to educate users, instruct the impact of the change, gather feedback and embrace emerging challenges as opportunities instead of setbacks. He added that creating a situational awareness program will always result in positive output.
As agencies integrate cyber asset management practices, federal government partnerships with the private sector can be instrumental in establishing security standards for software development.
“It’s quite a challenge, but whether it’d be with public or private corporations, we must look at how we can all buy into the same policies and concepts to reduce risks,” said Government Accountability Officer CISO Mark Canter. “It’s a group effort and it goes into the ‘see something, say something’ slogan. As we move forward, everyone must understand risks, not just for their specific responsibilities, but for the larger risk of the organization.”
“When establishing security standards for software development, maybe we can have a software-secure label, just like we have an FDA-approved drug label,” Singh added.
According to the Cybersecurity and Infrastructure Security Agency (CISA), the five pillars of zero trust architectures are identity, device, application workload and data. Singh emphasized that neglecting any one of these pillars may likely result in an incomplete model.
The core of BEP’s approach to maintain visibility across their network and improve threat detection and response is leveraging the three W’s of zero trust: who’s accessing the network, what actions are they performing, and where on the network can they be found, Singh said.
“Our primary strategies focus on the management of identity and data, but answering all of these questions in real time is crucial and represents your agency’s current stage,” Singh said. “I’ve learned in this zero-trust journey that it’s very important to choose tools that integrate well with our existing architecture.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
DODIN Strategy Aims to Outpace Cyber Threats
JFHQ-DODIN Commander Lt. Gen. Paul Stanton says the new "How We Prevail" plan moves from reactive defense to proactive threat mitigation.
4m read -
Preparing for the Future Cyber Landscape
CISA, CFPB and Rubrik discuss how they’re building cybersecurity best practices and developing their workforces to prepare for the future threat landscape and bolster cyber resilience.
30m watch -
Air Force Chief: Modernization Is Critical to Maintaining Superiority
Air Force Secretary Frank Kendall cites AI, automation and cyber resilience as key modernization components to outpace China by 2050.
3m read -
Trump's DHS Secretary Pick Prioritizes Tech to Boost Security
South Dakota Governor Kristi Noem has prioritized advancements in cyber, quantum and biometrics to enhance state and national security.
7m read