The cultural and mindset shifts required to advance the migration by Federal agencies to zero trust security architectures are proving to be among the more stubborn areas of change in that sweeping effort, according to Angel Phaneuf, Chief Information Security Officer, at the U.S. Army Software Factory.
Speaking at ATARC’s 2022 Zero Trust Summit event on August 9, Phaneuf explained that she and her colleagues have been battling against deep-rooted but increasingly outdated cybersecurity concepts as they push the zero trust effort forward. The good news is that they are starting to prevail in the competition for hearts and minds.
“I think that culture shift is happening in the government,” Phaneuf said. “I see it happening and see people that I talked to two years ago that wanted to do nothing with cloud, and [were] going to go back to servers and racks.”
“They’re now on their cloud journey asking questions like, ‘Why don’t you tell me a little bit about how this went with your particular issue,’” she said. “I’m seeing it change. I think it’s good, I think it’s going for the better.”
A key ingredient to engineering the culture shift on zero trust is the need to show – and not just talk – about the importance of cloud computing and its importance in achieving zero trust security objectives, said Alyssa Feola Cybersecurity Advisor at the General Services Administration’s Technology Transformation Services organization.
“The more you can show people, instead of just telling them, it helps,” she said. “I think culturally, we have created an environment … where we feel safe behind the firewall. But with zero trust, she Feola said, “we’re putting things in front of the firewall and making them internet accessible.”