Several Federal government officials involved in migrating government agencies toward adoption of zero trust security principles agreed during a September 30 ATARC webinar that agencies need to first think through the goals of adopting zero trust architectures before undertaking technology deployments to get there.
Speaking during the panel discussion, Sean Connelly, TIC program manager and senior cybersecurity architect at the Cybersecurity and Infrastructure Security Agency (CISA), emphasized that the old castle-moat strategy of network security is no longer sufficient.
“We need a strategy that can both understand the landscape on the operational side as we begin to have more distributed users and distributed access … and guard against the unprecedented growth in ransomware attacks,” said Connelly.
All of the panelists agreed that agencies and their workforce need to understand what that new architecture will look like, what it will act like, and what it will protect.
“We need to know what we are protecting before we decide how we will protect it,” Connelly said.
“It’s about understanding the entire principle and methodology and how to move forward with implementing,” said Shondrea Lyublanovits, senior advisor for Cybersecurity and Supply Chain Risk Management Information Technology Category at the General Services Administration.
Kevin Bingham, the zero trust technical lead at the Cybersecurity Directorate for the National Security Agency, said agencies must follow some guidelines for consistent implementation of a zero trust strategy.
“If there is no guidance or discipline in implementing a zero-trust strategy, then we will not make much progress,” Bingham said. “Being consistent on our journey to zero trust also puts a great focus on the data and the protection of data.”