Implementing zero trust security architectures remains a team-based exercise in which technology and security leaders need to lean on each other for knowledge and advice – even those who help run IT operations at tech-savvy agencies like the Cybersecurity and Infrastructure Security Agency (CISA).
That was the word from Brian Gattoni, CISA’s chief technology officer, who spoke about zero trust today at the 930GOV event organized by the Digital Government Institute.
Gattoni explained that CISA’s zero trust journey has been a collaborative effort, and said it should be as well for other Federal agencies embarking on this journey.
“My advice for others implementing zero trust measures is being mindful of the team sport that is this journey, you’re not going do it by yourself,” said Gattoni. “You’re not going to have all of the answers – so finding a good and knowledgeable friend and colleague is vital.”
Gattoni explained that one of the problems he ran into when embarking on the zero trust journey was understanding what aspects of data were important.
“When I first started, I thought that data was the most important aspect of zero trust, but I was wrong. It’s about who can access the data that is the most important part of zero trust,” he said.