One plus one still equals two, but when two providers of services vital to executing on the Federal government’s zero trust security migration mandate are the ones leveraging each other’s strengths, then the equation yields an extra boost through force multiplication.
As agencies accelerate efforts to move to secure cloud services and zero trust architecture in line with the requirements of the Biden administration’s executive order on cybersecurity (EO), many are challenged to close visibility gaps and blind spots in their technology environments. In a MeriTV interview, Sean Connelly, program manager for Trusted Internet Connections at the Cybersecurity and Infrastructure Security Agency (CISA), and Michael Dickman, chief product officer at cloud visibility and analytics firm Gigamon, assessed those visibility gaps and what it will take to close them – ensuring that data is secure across physical, virtual, and cloud networks.
As identity management takes a front seat in agencies’ zero trust security journeys, Federal and industry leaders agree that the government’s Identity, Credential, and Access Management (ICAM) framework is an essential element to the application of zero trust architectures, along with consolidating ICAM approaches within agencies.
As a very busy 2021 comes to a close, it’s time to reflect on the past year and look forward with optimism to the possibilities of the new one that’s about to begin. Rounding the corner to 2022, MeriTalk asked several experts on the industry side of Federal IT for their predictions of what the next year will bring.
With 2022 just around the corner, MeriTalk is taking a month-by-month look at the most popular stories in Federal IT from 2021.
Federal Chief Information Security Officer Chris DeRusha said the Technology Modernization Fund (TMF) board – on which he sits – is looking to agencies that won awards from the fund earlier this year to pursue zero trust security projects to act as a group of pathfinders who can inform the zero trust transition work of other Federal agencies going forward.
To build an effective zero trust approach, emphasizing identity and privileged access management can help agencies minimize their attack surface and cyber risk, Federal officials said during ATARC’s zero trust summit on November 18.
Adopting and integrating zero trust principles into any cybersecurity strategy is far from simple, but the use of automation technologies can help greatly in that process, Federal officials said at ATARC’s Zero Trust Summit on November 17.
President’s Biden executive order (EO) on improving the nation’s cybersecurity gave Federal agencies 90 days to develop a Zero Trust strategy among a slew of other deadlines. But according to an official from the Small Businesses Administration (SBA), communication remains a significant challenge in meeting this deadline.
According to a recently released Tripwire survey, most security professionals in the private and public sector described their zero trust security adoption as either progressing, or even well-developed, but also in need of more work.
The zero trust journey can present several challenges for organizations, with funding being just one of them, but Steven Hernandez, chief information security officer at the Department of Education, said the biggest hurdle he sees with zero trust comes down to cultural challenges.
The transition to zero trust security architectures is integral to the U.S. Department of the Army’s modernization efforts, said Army CIO Raj Iyer during an FCW virtual roundtable on October 27 where he explained security challenges that the service branch is facing and how the move to zero trust security concepts will help.
With President Biden’s cybersecurity executive order (EO) directing Federal agencies to begin moving to zero trust security architectures, agencies already have begun to make the shift. However, progress on zero trust migration – which some Federal officials termed a “paradigm shift” at an ATARC webinar today – will look different for every agency.
Several Federal government officials involved in migrating government agencies toward adoption of zero trust security principles agreed during a September 30 ATARC webinar that agencies need to first think through the goals of adopting zero trust architectures before undertaking technology deployments to get there.
The U.S. Army Corps of Engineers is looking to enhance its cybersecurity efforts with zero trust security concepts, according to the Corps’ Chief Information Officer (CIO), Dovarius Peoples.
Now that the Office and Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) have released their new directives for Federal civilian agencies to move to zero trust security principles and expanded cloud adoption, what are some near-term steps that Federal IT and cybersecurity officials should think about as they get ready to put those directives into action?
The Biden administration’s latest set of directives that aim to move Federal agencies toward zero-trust security architectures and more cloud adoption are receiving positive initial reviews from Federal IT officials, although leaving some to wonder where funding will come from for agencies to follow through on the directives.
The Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) both published key draft guidance documents today that provide the next set of road maps for Federal civilian agencies to transition to zero trust security concepts over the next three years and to guide agencies to securely migrate to cloud services.
Nicolas Chaillan, the first-ever chief software officer (CSO) of the United States Air Force (USAF) and co-lead of the Department of Defense (DoD) Enterprise DevSecOps Initiative, announced his resignation today in a post on LinkedIn.
Like all Federal agencies, the Office of Personnel Management (OPM) is working on complying with President Biden’s cyber executive order (EO). To help comply with the EO and aid OPM’s modernization mission, the agency has funding requests out to the Technology Modernization Fund (TMF) Board to help OPM with the move to zero trust and cloud modernization, OPM CIO Guy Cavallo said August 31.
Ransomware attacks are on the rise and adversaries are developing more sophisticated cyberattacks, but Federal cyber experts agree that “the vast majority” of ransomware attacks active today can be prevented by good basic cyber hygiene practices.
The National Archives and Records Administration (NARA) is making bids with the Technology Modernization Fund (TMF) for funding that will help the agency improve cybersecurity and replace legacy systems that run high-value assets, said Sheena Burrell, NARA’s Deputy CIO, at a GovLoop event on August 19.
With the coronavirus pandemic continuing to provide a stubborn barrier to full-fledged office workplace returns for many Federal agencies, the Commerce Department’s chief information security officer (CISO) spoke on August 17 about paying attention to human-centric aspects of security in the development of next-generation workplaces.
An August 10 memo from Shalanda Young, acting director of the Office of Management and Budget (OMB), is providing instructions to Federal agencies about how to comply with security guidance of “critical software” as directed by President Biden’s executive order (EO) on cybersecurity issued in May.