Supporting a Zero Trust Approach for Government IT


The recent cybersecurity Executive Order from President Joe Biden sent ripples through the federal government. Agencies and their IT teams have long had to contend with the difficulties of defending the nation’s networks, but this order has sought to make them more accountable for their cyber security practices. The first step was to understand that cyber attacks are inevitable.  With that in mind, the order encouraged agencies to embrace a Zero Trust approach.

Put simply, a Zero Trust approach is acting on the assumption that the network is already compromised. Therefore, every entity on a network must verify its identity whenever trying to access information. The approach has long been identified as the future of cybersecurity infrastructure, but its use by the federal government has often fallen behind those in the private sector. While the order does not mandate its use, it does call on agencies to outline how they can use Zero Trust and the framework for its implementation.

Speaking at the recent FedTalks Fireside Chat, Peter Romness, Cybersecurity Principal for the Public Sector CTO Office at Cisco, spoke at length about the order noting that “this executive order is enormously significant,” and the order itself is a recognition that government IT data is “significantly vulnerable” to adversaries.

When looking to defend against these malicious actors, Romness joins the chorus of voices saying that a Zero Trust approach is one of the most effective ways to limit the damage that can be done on a network. “The Executive Order acknowledges the importance of Zero Trust, but it is also allowing some momentum to grow within the agencies.” It is that second part that is so crucial to ensuring the success of the order. “The idea is to give agencies the ability to set a policy and then to enforce that policy throughout their organization.”

Cyber security efforts at the federal government level have always been a priority. As networks become more remote and disparate with the increase of devices at the edge, however, it is more critical than ever to have a plan in place. “[The order] is about developing a plan, about making strategic additions so that agencies can get the most out of what they have already done,” Romness continued. “Agencies can do this with a Zero Trust mindset.”

When working with the federal government, the current cyberinfrastructure is crucial as it will likely be the foundation of their next iteration of cybersecurity. The framework of the order provides ample areas for the IT channel to begin working with the public sector partners. The key goal moving forward, at least as Romness sees it, is to “help get agencies from point A to point Z of Zero Trust,” which is what the industry is raring to help them accomplish.

To learn more about Cisco’s Zero Trust solution click here.


More Like This