Although zero trust has become a bit of a buzzword in the IT world, experts agree that zero trust is “foundational” to all security approaches and that foundation needs to continue to grow in tandem with emerging tech.
During GovExec’s “Zero Trust: Get Beyond the Buzzword With Real Time Data Instrumentation at the Edge” event on May 5, U.S. Air Force CDO Eileen Vidrine and Matthew Marsden, vice president at Tanium discussed how zero trust has shaped their security journeys and why the strategy so important when it comes to security today.
When asked how his work in the intelligence community has shaped his work in zero trust, Marsden called his support for zero trust a “no brainer.”
“It [zero trust] has been foundational to all of my approaches to security and access management,” Marsden said. “Just because you have the badge doesn’t mean you get in the building, just because you’re in the building doesn’t mean you get in the room, and just because you’re in the room doesn’t mean they read the files. That’s baked into my thought process with everything that I do.”
Vidrine agreed with Marsden and said zero trust has “truly shaped and informed” how the Air Force goes about its security practices.
“It’s very easy to tell people, ‘no.’ So part of the challenge that I have with my people is how do we get to ‘yes.’ And so I think that part of the zero trust journey is to go through that deliberate process so that we can get to ‘yes’ where applicable, and that ‘no’ isn’t always the default answer,” Vidrine said. “It’s about how do we really support each other to support the mission and to get it right from a foundational perspective.”
“Because we’re talking emerging tech and when we’re talking about emerging tech and emerging data, the foundation has to grow and mature as the environment matures but it gives you that baseline to build from which I think is pretty awesome,” she added.
As for IT professionals working to implement zero trust in an agency, Vidrine said “step one” is to “be trusted partners with your chief information security officer, and their entire team.” She stressed a trusted partnership is crucial to implementing zero trust, as it is with any security process.
On the other hand, Marsden encouraged Federal government leaders to make a “thorough evaluation” of their technology as step one of their zero trust implementation process.
“I would just encourage leaders who are working on this zero trust journey to focus on what the future workforce looks like, really take time to evaluate technologies that can support an enterprise that is remote and dynamic,” he said. “Consider how to build a platform that facilitates continuous and continual access decisions and just provide access to resources, regardless of the device from which the requests is coming. Now more than ever that real-time visibility and control is paramount to a comprehensive security plan.”