Guest Column: Moving to Zero Trust
The modernization of information technology systems has tremendous potential to remake the way government agencies do business. Government’s move to the cloud, for one, is enabling agencies to move faster and with greater agility, ultimately increasing workforce productivity and accelerating the advancement of agencies’ missions.
Government agencies, however, are not IT organizations. They rely on IT providers to deliver optimal service, whether cloud computing, artificial intelligence, mobile solutions or advanced security. Lacking that support, agencies run the risk of impeding modernization, raising vulnerability to cyberattacks and continuing to incur the cost of propping up legacy systems.
Modernization requires moving from an outdated perimeter-based security paradigm to a dynamic zero-trust security architecture. Done correctly, zero trust improves the user experience and reduces systemic risk. The approach is based on three imperatives:
- moving to a least-privilege access model
- protecting against targeted threats, regardless of whether users are on or off the network
- make the end-user experience fast, intelligent and secure
At a minimum, agencies seeking the benefits of zero trust architecture should complete a threat assessment; conduct a zero trust architecture assessment; discontinue providing broad network access to users; and decommission legacy access.
Benefits of moving to a zero-trust model include easier access to the cloud, reduced complexity of the security stack, and superior security that enhances the user experience.