By: Randy Johnson
Earlier this year, a series of cyberattacks on US federal agencies exposed the vulnerabilities of traditional security approaches.1 The incidents showed that conventional perimeter-based models can’t effectively combat modern cyber threats.
In response to the evolving threat landscape, the Biden administration has taken significant steps toward implementing a zero-trust security strategy for US government agencies. Executive Order 14028 mandates the federal government’s adoption of a zero-trust architecture.2 By 2024, US governmental agencies must modernize their data platforms and leverage AI and machine-learning technologies to enhance their cybersecurity capabilities.
Several programs have been funded to catalyze these technology upgrades, such as The Infrastructure Investment and Jobs Act. The act allocates USD $1 billion to The Cybersecurity and Infrastructure Security Agency (CISA) to support zero-trust adoption. Additionally, the Department of Homeland Security is offering USD $100 million in grants to aid small businesses in fortifying their security postures using zero trust.
It’s a watershed moment for the public and private sectors alike to invest in the technologies needed to digitize services, bolster cybersecurity and resiliency, and modernize the US infrastructure.
Whether your team will tap into the funding opportunities or simply look to amplify a zero-trust strategy overall, I offer the following steps to start:
- Take stock
- Shrink your trust zone
- Capitalize on existing capabilities
- Automate and unify
Take stock of the challenges ahead
Digital transformation efforts within the public sector often meet challenges that slow their momentum, increasing both cost and risk.
Some agencies still use legacy computing technologies that are decades old and incompatible with zero trust. Meanwhile, a few are even reducing their use of cloud computing and services.3
Though accelerating federal use of cloud computing would better serve the national infrastructure—and is critical to zero-trust implementation—working towards this goal can result in stalemates. In particular, many teams struggle with a shortage of skilled professionals who can shepherd this transition.
These are, in many ways, the challenges of any zero-trust journey. Zero trust isn’t just about redefining security measures; it demands a profound organizational and cultural shift. And for a successful implementation, these shifts must be addressed head on.